CVE-2010-3771

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	3.6 (including)	3.6 (including)
Firefox	Mozilla	3.6.2 (including)	3.6.2 (including)
Firefox	Mozilla	3.6.3 (including)	3.6.3 (including)
Firefox	Mozilla	3.6.4 (including)	3.6.4 (including)
Firefox	Mozilla	3.6.6 (including)	3.6.6 (including)
Firefox	Mozilla	3.6.7 (including)	3.6.7 (including)
Firefox	Mozilla	3.6.8 (including)	3.6.8 (including)
Firefox	Mozilla	3.6.9 (including)	3.6.9 (including)
Firefox	Mozilla	3.6.10 (including)	3.6.10 (including)
Firefox	Mozilla	3.6.11 (including)	3.6.11 (including)
Firefox	Mozilla	3.6.12 (including)	3.6.12 (including)
Red Hat Enterprise Linux 4	RedHat	firefox-0:3.6.13-3.el4	*
Red Hat Enterprise Linux 5	RedHat	firefox-0:3.6.13-2.el5	*
Red Hat Enterprise Linux 5	RedHat	xulrunner-0:1.9.2.13-3.el5	*
Red Hat Enterprise Linux 6	RedHat	firefox-0:3.6.13-2.el6_0	*
Red Hat Enterprise Linux 6	RedHat	xulrunner-0:1.9.2.13-3.el6_0	*
Firefox	Ubuntu	dapper	*
Firefox	Ubuntu	devel	*
Firefox	Ubuntu	hardy	*
Firefox	Ubuntu	lucid	*
Firefox	Ubuntu	maverick	*
Firefox	Ubuntu	upstream	*
Firefox-3.0	Ubuntu	hardy	*
Firefox-3.5	Ubuntu	karmic	*
Seamonkey	Ubuntu	devel	*
Seamonkey	Ubuntu	hardy	*
Seamonkey	Ubuntu	karmic	*
Seamonkey	Ubuntu	lucid	*
Seamonkey	Ubuntu	maverick	*
Seamonkey	Ubuntu	upstream	*
Xulrunner-1.9.2	Ubuntu	devel	*
Xulrunner-1.9.2	Ubuntu	hardy	*
Xulrunner-1.9.2	Ubuntu	karmic	*
Xulrunner-1.9.2	Ubuntu	lucid	*
Xulrunner-1.9.2	Ubuntu	maverick	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3771
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References