Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2010-1585

Опубликовано: 28 апр. 2010
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 9.3

Описание

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

4.0~b12+build1+nobinonly-0ubuntu3
hardy

ignored

end of life
karmic

DNE

lucid

released

3.6.14+build3+nobinonly-0ubuntu0.10.04.1
maverick

released

3.6.14+build3+nobinonly-0ubuntu0.10.10.1
natty

not-affected

4.0~b12+build1+nobinonly-0ubuntu3
oneiric

not-affected

4.0~b12+build1+nobinonly-0ubuntu3
precise

not-affected

4.0~b12+build1+nobinonly-0ubuntu3
quantal

not-affected

4.0~b12+build1+nobinonly-0ubuntu3

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

released

3.6.14+build3+nobinonly-0ubuntu0.8.04.1
karmic

DNE

lucid

DNE

maverick

DNE

natty

DNE

oneiric

DNE

precise

DNE

quantal

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

DNE

karmic

released

3.6.14+build3+nobinonly-0ubuntu0.9.10.1
lucid

DNE

maverick

DNE

natty

DNE

oneiric

DNE

precise

DNE

quantal

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

ignored

end of life
karmic

ignored

end of life
lucid

ignored

end of life
maverick

ignored

end of life
natty

not-affected

2.0.13+nobinonly-0ubuntu1
oneiric

not-affected

2.0.13+nobinonly-0ubuntu1
precise

DNE

quantal

DNE

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

not-affected

3.1.9+nobinonly-0ubuntu1
hardy

ignored

end of life
karmic

ignored

end of life
lucid

released

3.1.8+build3+nobinonly-0ubuntu0.10.04.1
maverick

released

3.1.8+build3+nobinonly-0ubuntu0.10.10.1
natty

not-affected

3.1.9+nobinonly-0ubuntu1
oneiric

not-affected

3.1.9+nobinonly-0ubuntu1
precise

not-affected

3.1.9+nobinonly-0ubuntu1
quantal

not-affected

3.1.9+nobinonly-0ubuntu1

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

hardy

released

1.9.2.14+build3+nobinonly-0ubuntu0.8.04.1
karmic

released

1.9.2.14+build3+nobinonly-0ubuntu0.9.10.1
lucid

released

1.9.2.14+build3+nobinonly-0ubuntu0.10.04.1
maverick

released

1.9.2.14+build3+nobinonly-0ubuntu0.10.10.1
natty

not-affected

1.9.2.14+build3+nobinonly-0ubuntu1
oneiric

DNE

precise

DNE

quantal

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 78%
0.01192
Низкий

9.3 Critical

CVSS2

Связанные уязвимости

redhat логотип

CVE-2010-1585

redhat
больше 14 лет назад

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

nvd логотип

CVE-2010-1585

nvd
около 15 лет назад

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

debian логотип

CVE-2010-1585

debian
около 15 лет назад

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFrag ...

github логотип

GHSA-xp93-22jw-4857

github
около 3 лет назад

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

oracle-oval логотип

ELSA-2011-0311

oracle-oval
больше 14 лет назад

ELSA-2011-0311: thunderbird security update (CRITICAL)

EPSS

Процентиль: 78%
0.01192
Низкий

9.3 Critical

CVSS2

Уязвимость CVE-2010-1585