Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2768
HistorySep 07, 2010 - 12:00 a.m.

CVE-2010-2768

2010-09-0700:00:00
ubuntu.com
ubuntu.com
28
mozilla firefox
thunderbird
seamonkey
charset
bypass
vulnerability
remote attackers
cross-site scripting
utf-7
encoding

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

69.6%

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before
3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly
restrict use of the type attribute of an OBJECT element to set a document’s
charset, which allows remote attackers to bypass cross-site scripting (XSS)
protection mechanisms via UTF-7 encoding.

Notes

Author Note
jdstrand CVEs in Firefox are tracked in the xulrunner source packages for builds that use the system xulrunner, and firefox source packages for those that use a static build xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul) xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul) xulrunner-1.9: (ignored) reverse dependencies no longer process web content xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content xulrunner-1.9.2: system xul for reverese dependencies that process web content firefox: Ubuntu 6.06 LTS (static build) firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher) firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x) firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead) firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 3.6.9+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchfirefox< 3.6.9+build1+nobinonly-0ubuntu1 UNKNOWN
ubuntu11.04noarchfirefox< 3.6.9+build1+nobinonly-0ubuntu1 UNKNOWN
ubuntu8.04noarchfirefox-3.0< 3.6.9+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchfirefox-3.0< 3.6.9+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.04noarchfirefox-3.5< 3.5.12+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchfirefox-3.5< 3.6.9+build1+nobinonly-0ubuntu0.9.10.2UNKNOWN
ubuntu8.04noarchseamonkey< 2.0.8+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchseamonkey< 2.0.8+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchseamonkey< 2.0.8+build1+nobinonly-0ubuntu0.9.10.1UNKNOWN
Rows per page:
1-10 of 241

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.003

Percentile

69.6%