Lucene search
Ubuntu.comUB:CVE-2010-3771HistoryDec 09, 2010 - 12:00 a.m.
CVE-2010-3771
2010-12-0900:00:00
ubuntu.com
ubuntu.com
33
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.8%
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
2.0.11, does not properly handle injection of an ISINDEX element into an
about:blank page, which allows remote attackers to execute arbitrary
JavaScript code with chrome privileges via vectors related to redirection
to a chrome: URI.
Notes
| Author | Note |
|---|---|
| jdstrand | Ubuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | firefox | < 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | firefox | < 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | firefox-3.0 | < 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | firefox-3.5 | < 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 10.04 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | xulrunner-1.9.2 | < 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | xulrunner-1.9.2 | < 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
Related
prion
prion
Design/Logic Flaw
2010-12-10 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:52:31
mozilla
mozilla
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-76
2010-12-10 00:00:00
Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
2010-12-10 00:00:00
cve
cve
CVE-2010-3771
2010-12-10 19:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
2010-12-27 00:00:00
Mozilla Products Multiple Vulnerabilities (MFSA2010-76, MFSA2010-80, MFSA2010-81, MFSA2010-84) - Windows
2010-12-27 00:00:00
Debian: Security Advisory (DSA-2132-1)
2011-01-24 00:00:00
nessus
nessus
debian
debian
[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities
2010-12-11 12:03:35
[BSA-013] Security Update for iceweasel
2011-01-03 06:30:25
osv
osv
xulrunner - several vulnerabilities
2010-12-11 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: firefox-3.6.13-1.fc13
2010-12-10 20:25:42
[SECURITY] Fedora 14 Update: gnome-python2-extras-2.25.3-26.fc14.1
2010-12-10 20:27:49
[SECURITY] Fedora 14 Update: perl-Gtk2-MozEmbed-0.08-6.fc14.22
2010-12-10 20:27:49
oraclelinux
oraclelinux
firefox security update
2010-12-10 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2010-12-09 00:00:00
centos
centos
firefox security update
2011-01-27 08:53:21
redhat
redhat
(RHSA-2010:0966) Critical: firefox security update
2010-12-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-12-09 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2011-01-05 11:25:44
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.8%
Related for UB:CVE-2010-3771