Published: 05/04/2010 Updated: 30/10/2018

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

VMScore: 676

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Mozilla Firefox prior to 3.0.19, 3.5.x prior to 3.5.9, and 3.6.x prior to 3.6.2, and SeaMonkey prior to 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote malicious users to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.5.1
mozilla firefox 3.5.2
mozilla firefox 3.5.6
mozilla firefox 3.5.4
mozilla firefox 3.5.3
mozilla firefox 3.5.7
mozilla firefox 3.5
mozilla firefox 3.5.5
mozilla firefox 3.6
mozilla firefox 3.0.16
mozilla firefox 3.0.9
mozilla firefox 3.0.8
mozilla firefox 3.0.1
mozilla firefox 3.0
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.12
mozilla firefox 2.0.0.5
mozilla firefox 2.0.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.4
mozilla firefox 1.5.1
mozilla firefox 1.5.8
mozilla firefox 1.5.7
mozilla firefox 1.0.4
mozilla firefox 1.0.3
mozilla firefox 0.9
mozilla firefox 0.4
mozilla firefox 0.3
mozilla firefox 3.0.13
mozilla firefox 3.0.12
mozilla firefox 3.0.5
mozilla firefox 3.0.4
mozilla firefox 2.0.0.18
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.1
mozilla firefox 2.0
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.9
mozilla firefox 1.5.0.6
mozilla firefox 1.0.8
mozilla firefox 1.0.7
mozilla firefox 1.0
mozilla firefox 0.9.3
mozilla firefox 0.7
mozilla firefox 0.6.1
mozilla firefox 0.10
mozilla firefox 0.1
mozilla firefox 3.0.15
mozilla firefox 3.0.14
mozilla firefox 3.0.7
mozilla firefox 3.0.6
mozilla firefox 2.0.0.20
mozilla firefox 2.0.0.19
mozilla firefox 2.0.0.11
mozilla firefox 2.0.0.10
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.11
mozilla firefox 1.5.2
mozilla firefox 1.5.0.8
mozilla firefox 1.5.6
mozilla firefox 1.5.5
mozilla firefox 1.0.2
mozilla firefox 1.0.1
mozilla firefox 0.8
mozilla firefox 0.7.1
mozilla firefox 0.2
mozilla firefox 0.10.1
mozilla firefox 3.0.11
mozilla firefox 3.0.10
mozilla firefox 3.0.3
mozilla firefox 3.0.2
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.15
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.7
mozilla firefox 2.0.0.6
mozilla firefox 1.5
mozilla firefox 1.5.0.4
mozilla firefox 1.5.3
mozilla firefox 1.5.0.7
mozilla firefox 1.0.6
mozilla firefox 1.0.5
mozilla firefox 0.9.2
mozilla firefox 0.9.1
mozilla firefox 0.6
mozilla firefox 0.5
mozilla firefox
mozilla seamonkey 2.0.2
mozilla seamonkey
mozilla seamonkey 2.0
mozilla seamonkey 1.1
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.12
mozilla seamonkey 1.0.9
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.4
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.14
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.2
mozilla seamonkey 1.1.9
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.10
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.6
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.1
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.4

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulner ...

Martijn Wargers, Josh Soref, Jesse Ruderman, and Ehsan Akhgari discovered flaws in the browser engine of Firefox If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2010-0174) ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0174 Jesse Ruderman and Ehsan Akhgari discovered crashes in the layout engine, which might allow the ex ...

Mozilla Foundation Security Advisory 2010-20 Chrome privilege escalation via forced URL drag and drop Announced March 30, 2010 Reporter Paul Stone Impact Critical Products Firefox, SeaMonkey Fixed in ...

CWE-94 http://www.vupen.com/english/advisories/2010/0748 http://www.vupen.com/english/advisories/2010/0764 https://bugzilla.mozilla.org/show_bug.cgi?id=546909 http://www.redhat.com/support/errata/RHSA-2010-0332.html http://www.mozilla.org/security/announce/2010/mfsa2010-20.html http://securitytracker.com/id?1023776 http://secunia.com/advisories/39243 http://secunia.com/advisories/39136 http://secunia.com/advisories/39240 http://www.vupen.com/english/advisories/2010/0781 http://www.debian.org/security/2010/dsa-2027 http://secunia.com/advisories/39308 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://ubuntu.com/usn/usn-921-1 http://secunia.com/advisories/39397 http://www.vupen.com/english/advisories/2010/0849 http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html https://exchange.xforce.ibmcloud.com/vulnerabilities/57391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6975 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10460 https://access.redhat.com/errata/RHSA-2010:0332 https://nvd.nist.gov https://usn.ubuntu.com/920-1/

Get Started

CVE-2010-0178

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect