Published: 06 December 2010
Mono, when Moonlight before 22.214.171.124 or 2.99.x before 126.96.36.199 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
Launchpad, Ubuntu, Debian
upstream note: The bug (and fix) is in mono source code but can only be exploited (by untrusted applications) when used by Moonlight. Setting severity to negligile.