Lucene search
HistoryMar 25, 2010 - 9:00 p.m.
CVE-2010-0171
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.479 Medium
EPSS
Percentile
97.5%
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
Affected configurations
Node
mozillafirefoxMatch3.0
ORmozillafirefoxMatch3.0.1
ORmozillafirefoxMatch3.0.10
ORmozillafirefoxMatch3.0.11
ORmozillafirefoxMatch3.0.12
ORmozillafirefoxMatch3.0.13
ORmozillafirefoxMatch3.0.14
ORmozillafirefoxMatch3.0.15
ORmozillafirefoxMatch3.0.16
ORmozillafirefoxMatch3.0.17
ORmozillafirefoxMatch3.5
ORmozillafirefoxMatch3.5.1
ORmozillafirefoxMatch3.5.2
ORmozillafirefoxMatch3.5.3
ORmozillafirefoxMatch3.5.4
ORmozillafirefoxMatch3.5.5
ORmozillafirefoxMatch3.5.6
ORmozillafirefoxMatch3.5.7
ORmozillafirefoxMatch3.6
ORmozillaseamonkeyRange≤2.0.2
ORmozillaseamonkeyMatch1.1
ORmozillaseamonkeyMatch1.1alpha
ORmozillaseamonkeyMatch1.1beta
ORmozillaseamonkeyMatch1.1.1
ORmozillaseamonkeyMatch1.1.2
ORmozillaseamonkeyMatch1.1.3
ORmozillaseamonkeyMatch1.1.4
ORmozillaseamonkeyMatch1.1.5
ORmozillaseamonkeyMatch1.1.51.1.10
ORmozillaseamonkeyMatch1.1.6
ORmozillaseamonkeyMatch1.1.7
ORmozillaseamonkeyMatch1.1.8
ORmozillaseamonkeyMatch1.1.9
ORmozillaseamonkeyMatch1.1.10
ORmozillaseamonkeyMatch1.1.11
ORmozillaseamonkeyMatch1.1.12
ORmozillaseamonkeyMatch1.1.13
ORmozillaseamonkeyMatch1.1.14
ORmozillaseamonkeyMatch1.1.15
ORmozillaseamonkeyMatch1.1.16
ORmozillaseamonkeyMatch1.1.17
ORmozillaseamonkeyMatch1.1.18
ORmozillaseamonkeyMatch1.1.19
ORmozillaseamonkeyMatch2.0
ORmozillaseamonkeyMatch2.0alpha_1
ORmozillaseamonkeyMatch2.0alpha_2
ORmozillaseamonkeyMatch2.0alpha_3
ORmozillaseamonkeyMatch2.0beta_1
ORmozillaseamonkeyMatch2.0beta_2
ORmozillaseamonkeyMatch2.0rc1
ORmozillaseamonkeyMatch2.0rc2
ORmozillaseamonkeyMatch2.0.1
ORmozillathunderbirdRange≤3.0.1
ORmozillathunderbirdMatch1.5
ORmozillathunderbirdMatch1.5beta2
ORmozillathunderbirdMatch1.5.0.1
ORmozillathunderbirdMatch1.5.0.2
ORmozillathunderbirdMatch1.5.0.3
ORmozillathunderbirdMatch1.5.0.4
ORmozillathunderbirdMatch1.5.0.5
ORmozillathunderbirdMatch1.5.0.6
ORmozillathunderbirdMatch1.5.0.7
ORmozillathunderbirdMatch1.5.0.8
ORmozillathunderbirdMatch1.5.0.9
ORmozillathunderbirdMatch1.5.0.10
ORmozillathunderbirdMatch1.5.0.11
ORmozillathunderbirdMatch1.5.0.12
ORmozillathunderbirdMatch1.5.0.13
ORmozillathunderbirdMatch1.5.0.14
ORmozillathunderbirdMatch1.5.1
ORmozillathunderbirdMatch1.5.2
ORmozillathunderbirdMatch2.0.0.0
ORmozillathunderbirdMatch2.0.0.3
ORmozillathunderbirdMatch2.0.0.4
ORmozillathunderbirdMatch2.0.0.5
ORmozillathunderbirdMatch2.0.0.6
ORmozillathunderbirdMatch2.0.0.7
ORmozillathunderbirdMatch2.0.0.8
ORmozillathunderbirdMatch2.0.0.9
ORmozillathunderbirdMatch2.0.0.12
ORmozillathunderbirdMatch2.0.0.14
ORmozillathunderbirdMatch2.0.0.16
ORmozillathunderbirdMatch2.0.0.17
ORmozillathunderbirdMatch2.0.0.18
ORmozillathunderbirdMatch2.0.0.19
References
www.mozilla.org/security/announce/2010/mfsa2010-12.html
www.securityfocus.com/bid/38918
www.vupen.com/english/advisories/2010/0692
bugzilla.mozilla.org/show_bug.cgi?id=531364
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10773
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7743
Related
ubuntucve
ubuntucve
CVE-2010-0171
2010-03-25 00:00:00
CVE-2007-3736
2007-07-18 00:00:00
prion
prion
Cross site scripting
2010-03-25 21:00:00
Cross site scripting
2007-07-18 17:30:00
cvelist
cvelist
CVE-2010-0171
2010-03-25 20:31:00
CVE-2007-3736
2007-07-18 17:00:00
cve
cve
CVE-2010-0171
2010-03-25 21:00:00
CVE-2007-3736
2007-07-18 17:30:00
mozilla
mozilla
XSS using addEventListener and setTimeout on a wrapped object — Mozilla
2010-03-23 00:00:00
XSS using addEventListener and setTimeout — Mozilla
2007-07-17 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:42:21
Cross-Site Scripting (XSS)
2020-04-10 00:17:16
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-12
2010-04-06 00:00:00
Mozilla Foundation Security Advisory 2007-19
2007-07-19 00:00:00
Mozilla Firefox, Thunderbird, Seamonkey multiple securityvulnerabilities
2007-07-19 00:00:00
seebug
seebug
Mozilla Firefox addEventListener和setTimeout实现跨站脚本漏洞
2010-03-26 00:00:00
Mozilla Firefox 2.0.0.4多个远程安全漏洞
2007-07-19 00:00:00
nvd
nvd
CVE-2007-3736
2007-07-18 17:30:00
nessus
nessus
Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)
2010-02-22 00:00:00
Mozilla Thunderbird < 3.0.2 Multiple Vulnerabilities
2010-03-02 00:00:00
Fedora Core 6 : thunderbird-1.5.0.12-2.fc6 (2007-641)
2007-07-23 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities (Mar 2010) - Windows
2010-03-30 00:00:00
Mozilla Products Multiple Vulnerabilities Mar-10 (Linux)
2010-03-30 00:00:00
Mozilla Products Multiple Vulnerabilities (Mar 2010) - Linux
2010-03-30 00:00:00
redhat
redhat
(RHSA-2010:0113) Critical: seamonkey security update
2010-02-17 00:00:00
(RHSA-2007:0723) Moderate: thunderbird security update
2007-07-18 00:00:00
(RHSA-2007:0722) Critical: seamonkey security update
2007-07-18 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2010-02-17 00:00:00
Moderate: thunderbird security update
2007-07-19 00:00:00
Critical: seamonkey security update
2007-07-19 00:00:00
centos
centos
seamonkey security update
2010-02-18 00:29:51
thunderbird security update
2007-07-19 19:16:54
seamonkey security update
2007-07-19 11:53:21
fedora
fedora
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.5-1.fc7
2007-07-20 19:32:33
[SECURITY] Fedora Core 6 Update: thunderbird-1.5.0.12-2.fc6
2007-07-20 16:21:25
[SECURITY] Fedora Core 6 Update: firefox-1.5.0.12-4.fc6
2007-07-20 16:24:04
osv
osv
debian
debian
[SECURITY] [DSA 1338-1] New iceweasel packages fix several vulnerabilities
2007-07-23 17:27:52
[SECURITY] [DSA 1339-1] New iceape packages fix several vulnerabilities
2007-07-24 00:00:33
[SECURITY] [DSA 1337-1] New xulrunner packages fix several vulnerabilities
2007-07-22 19:19:22
gentoo
gentoo
Mozilla products: Multiple vulnerabilities
2007-08-14 00:00:00
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2007-07-20 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2007-08-02 16:31:06
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.479 Medium
EPSS
Percentile
97.5%
Related for NVD:CVE-2010-0171