Published: 30/07/2010 Updated: 19/09/2017

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x prior to 3.5.11 and 3.6.x prior to 3.6.7, and SeaMonkey prior to 2.0.6, allows remote malicious users to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.5.7
mozilla firefox 3.5.9
mozilla firefox 3.5.10
mozilla firefox 3.5.1
mozilla firefox 3.5.2
mozilla firefox 3.6.1
mozilla firefox 3.6.2
mozilla firefox 3.5.3
mozilla firefox 3.5.4
mozilla firefox 3.6.3
mozilla firefox 3.6.4
mozilla firefox 3.5.5
mozilla firefox 3.5.6
mozilla firefox 3.6.6
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0
mozilla seamonkey
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.1
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.2
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0a1pre

Synopsis Critical: seamonkey security update Type/Severity Security Advisory: Critical Topic Updated seamonkey packages that fix several security issues are nowavailable for Red Hat Enterprise Linux 3 and 4The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vu ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5The Red Hat Security Response Team has rated this update as having criticalsecurity impact Common Vulner ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0182 Wladimir Palant discovered that security checks in XML processing were insufficiently enforced CVE-2010-0654 Chris Evans discove ...

This update is for use with the new Xulrunner provided in USN-930-4 ...

Firefox could be made to run programs as your login if it opened a specially crafted file or website ...

Mozilla Foundation Security Advisory 2010-45 Multiple location bar spoofing vulnerabilities Announced July 20, 2010 Reporter Michal Zalewski, Jordi Chancel Impact Moderate Products Firefox, SeaMonkey Fixed in ...

CWE-264 https://bugzilla.mozilla.org/show_bug.cgi?id=536466 http://www.mozilla.org/security/announce/2010/mfsa2010-45.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11688 https://access.redhat.com/errata/RHSA-2010:0546 https://nvd.nist.gov https://usn.ubuntu.com/930-5/https://www.debian.org/security/./dsa-2075

CVE-2010-2751

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect