Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19351
HistoryMar 26, 2010 - 12:00 a.m.

Mozilla Firefox addEventListener和setTimeout实现跨站脚本漏洞

2010-03-2600:00:00
Root
www.seebug.org
17

0.003 Low

EPSS

Percentile

65.4%

JSON

BUGTRAQ ID: 38946
CVE(CAN) ID: CVE-2010-0171

Firefox是一款流行的开源WEB浏览器。

Firefox的addEventListener和setTimeout实现中存在安全漏洞,用户可以通过使用包装的对象绕过MFSA 2007-19所提供的修复执行跨站脚本攻击;由于Firefox 3.6浏览器引擎中的更改,对这个版本的攻击仅限于从跨来源帧或窗口捕获键盘敲击事件。

Mozilla Firefox 3.6
Mozilla Firefox 3.5.x
Mozilla Firefox 3.0.x
Mozilla Thunderbird 3.0
Mozilla SeaMonkey 2.0
厂商补丁:

Mozilla

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.mozilla.org/

Related

veracode 1
securityvulns 2
mozilla 1
prion 1
cve 1
ubuntucve 1
openvas 7
redhat 4
centos 4
oraclelinux 3
nessus 20
gentoo 1
veracode
veracode
Cross-site Scripting (XSS)
2020-04-10 00:42:21
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-12
2010-04-06 00:00:00
Многочисленные уязвимости в Mozilla Firefox / Seamonkey multiple security vulnerabilities
2013-08-20 00:00:00
mozilla
mozilla
XSS using addEventListener and setTimeout on a wrapped object — Mozilla
2010-03-23 00:00:00
prion
prion
Cross site scripting
2010-03-25 21:00:00
cve
cve
CVE-2010-0171
2010-03-25 21:00:00
ubuntucve
ubuntucve
CVE-2010-0171
2010-03-25 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities Mar-10 (Windows)
2010-03-30 00:00:00
Mozilla Products Multiple Vulnerabilities (Mar 2010) - Linux
2010-03-30 00:00:00
Mozilla Products Multiple Vulnerabilities Mar-10 (Linux)
2010-03-30 00:00:00
redhat
redhat
(RHSA-2010:0113) Critical: seamonkey security update
2010-02-17 00:00:00
(RHSA-2010:0112) Critical: firefox security update
2010-02-17 00:00:00
(RHSA-2010:0153) Moderate: thunderbird security update
2010-03-17 00:00:00
centos
centos
seamonkey security update
2010-02-18 00:29:51
firefox, xulrunner security update
2010-02-18 00:33:18
thunderbird security update
2010-03-17 18:24:23
oraclelinux
oraclelinux
seamonkey security update
2010-02-17 00:00:00
firefox security update
2010-02-17 00:00:00
thunderbird security update
2010-03-17 00:00:00
nessus
nessus
Mozilla Thunderbird < 3.0.2 Multiple Vulnerabilities
2010-03-02 00:00:00
RHEL 3 / 4 : seamonkey (RHSA-2010:0113)
2010-02-18 00:00:00
Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)
2013-07-12 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00

0.003 Low

EPSS

Percentile

65.4%

JSON
Related for SSV:19351
veracode1securityvulns2mozilla1prion1cve1ubuntucve1openvas7redhat4centos4oraclelinux3nessus20gentoo1