Ubuntu
moon package

Security vulnerability allows violation of the type system and possibly execution of arbitrary code

Bug #691780 reported by Chris Howie on 2010-12-18

336

Affects		Status	Importance	Assigned to	Milestone
	moon (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4254
http://secunia.com/advisories/42373/

A bug in generics allows violation of the type system. When paired with delegate types, this may allow a crafted Moonlight application to execute arbitrary code. 2.3.0.1 is the most recent version and is currently the only 2.x version free of this bug.

See original description

CVE References

2010-4254

Revision history for this message

Chris Howie (chrishowie) wrote on 2010-12-18:

My bad, 2.99.0.10 is also free of the bug.

visibility:	private → public
visibility:	public → private
description:	updated

Jamie Strandboge (jdstrand) on 2011-01-12

visibility:	private → public
Changed in moon (Ubuntu):
status:	New → Confirmed

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntumoon package