CVE-2010-3775

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.

Affected Software

Name	Vendor	Start Version	End Version
Firefox	Mozilla	3.6 (including)	3.6 (including)
Firefox	Mozilla	3.6.2 (including)	3.6.2 (including)
Firefox	Mozilla	3.6.3 (including)	3.6.3 (including)
Firefox	Mozilla	3.6.4 (including)	3.6.4 (including)
Firefox	Mozilla	3.6.6 (including)	3.6.6 (including)
Firefox	Mozilla	3.6.7 (including)	3.6.7 (including)
Firefox	Mozilla	3.6.8 (including)	3.6.8 (including)
Firefox	Mozilla	3.6.9 (including)	3.6.9 (including)
Firefox	Mozilla	3.6.10 (including)	3.6.10 (including)
Firefox	Mozilla	3.6.11 (including)	3.6.11 (including)
Firefox	Mozilla	3.6.12 (including)	3.6.12 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3775
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References