Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2010-3773

Опубликовано: 10 дек. 2010
Источник: debian

Описание

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
xulrunnerremovedpackage
iceweaselfixed3.5.16-1package
iceweaselnot-affectedlennypackage
iceapefixed2.0.11-1package
iceapenot-affectedlennypackage

Примечания

  • xulrunner in wheezy is not covered by security support

Связанные уязвимости

ubuntu логотип

CVE-2010-3773

ubuntu
около 15 лет назад

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

redhat логотип

CVE-2010-3773

redhat
около 15 лет назад

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

nvd логотип

CVE-2010-3773

nvd
около 15 лет назад

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

github логотип

GHSA-9944-54j7-5276

github
больше 3 лет назад

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

oracle-oval логотип

ELSA-2010-0966

oracle-oval
около 15 лет назад

ELSA-2010-0966: firefox security update (CRITICAL)