CVE Vulnerabilities

CVE-2010-3771

Published: Dec 10, 2010 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 3.6.2 3.6.2
Firefox Mozilla 3.6.3 3.6.3
Firefox Mozilla 3.6.11 3.6.11
Firefox Mozilla 3.6.8 3.6.8
Firefox Mozilla 3.6.9 3.6.9
Firefox Mozilla 3.6.12 3.6.12
Firefox Mozilla 3.6.6 3.6.6
Firefox Mozilla 3.6.10 3.6.10
Firefox Mozilla 3.6.7 3.6.7
Firefox Mozilla 3.6.4 3.6.4
Firefox Mozilla 3.6 3.6

References