Lucene search

K

MitreCVELIST:CVE-2010-2768

HistorySep 09, 2010 - 6:00 p.m.

CVE-2010-2768

2010-09-0918:00:00

mitre

www.cve.org

8.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document’s charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.

References

blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

secunia.com/advisories/42867

support.avaya.com/css/P8/documents/100110210

support.avaya.com/css/P8/documents/100112690

www.debian.org/security/2010/dsa-2106

www.mandriva.com/security/advisories?name=MDVSA-2010:173

www.mozilla.org/security/announce/2010/mfsa2010-61.html

www.securityfocus.com/bid/43101

www.vupen.com/english/advisories/2010/2323

www.vupen.com/english/advisories/2011/0061

bugzilla.mozilla.org/show_bug.cgi?id=579744

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11735

8.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

Related for CVELIST:CVE-2010-2768

nvd1 ubuntucve1 prion1 securityvulns2 cve1 mozilla1 veracode1 openvas55 nessus50 redhat3 centos3 oraclelinux3 debian5 osv1 fedora7 ubuntu4 suse3 freebsd1 gentoo1