Published: 10/12/2010 Updated: 19/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox prior to 3.5.16 and 3.6.x prior to 3.6.13, and SeaMonkey prior to 2.0.11, allow remote malicious users to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.7
mozilla firefox 3.6
mozilla firefox 3.6.8
mozilla firefox 3.6.10
mozilla firefox 3.6.4
mozilla firefox 3.6.6
mozilla firefox 3.6.12
mozilla firefox 3.6.2
mozilla firefox 3.6.3
mozilla firefox 3.6.9
mozilla firefox 3.6.11
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.1
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.5.0.8
mozilla seamonkey 2.0
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.2
mozilla seamonkey
mozilla firefox 3.0.1
mozilla firefox 2.0.0.19
mozilla firefox 0.10
mozilla firefox 1.0.1
mozilla firefox 3.0.5
mozilla firefox 1.0.5
mozilla firefox 1.0.4
mozilla firefox 3.0.7
mozilla firefox 2.0.0.17
mozilla firefox 0.6.1
mozilla firefox 0.8
mozilla firefox 0.10.1
mozilla firefox 2.0.0.20
mozilla firefox 1.0
mozilla firefox 1.0.7
mozilla firefox 1.0.6
mozilla firefox 2.0.0.10
mozilla firefox 3.0.16
mozilla firefox 0.7.1
mozilla firefox 3.5.2
mozilla firefox 0.1
mozilla firefox 0.2
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 1.5.5
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.5
mozilla firefox 3.0.14
mozilla firefox 3.5.10
mozilla firefox 3.0.12
mozilla firefox 2.0.0.8
mozilla firefox 3.0.13
mozilla firefox 2.0.0.18
mozilla firefox 3.5
mozilla firefox 3.5.6
mozilla firefox
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.12
mozilla firefox 0.9.3
mozilla firefox 0.9.2
mozilla firefox 1.0.2
mozilla firefox 3.0
mozilla firefox 1.0.8
mozilla firefox 3.0.17
mozilla firefox 3.5.11
mozilla firefox 1.4.1
mozilla firefox 2.0.0.15
mozilla firefox 0.4
mozilla firefox 0.5
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.11
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.8
mozilla firefox 1.5.8
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 3.0.3
mozilla firefox 3.5.13
mozilla firefox 3.0.10
mozilla firefox 3.0.8
mozilla firefox 3.5.9
mozilla firefox 3.5.5
mozilla firefox 0.7
mozilla firefox 0.6
mozilla firefox 3.0.9
mozilla firefox 2.0.0.7
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 3.0.2
mozilla firefox 2.0.0.1
mozilla firefox 3.5.1
mozilla firefox 3.0.11
mozilla firefox 1.5
mozilla firefox 3.0.4
mozilla firefox 3.5.3
mozilla firefox 3.5.4
mozilla firefox 0.9.1
mozilla firefox 0.9
mozilla firefox 1.0.3
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 2.0
mozilla firefox 3.0.15
mozilla firefox 2.0.0.4
mozilla firefox 3.5.14
mozilla firefox 3.5.12
mozilla firefox 2.0.0.13
mozilla firefox 3.0.6
mozilla firefox 3.5.7
mozilla firefox 3.5.8

Firefox could be made to crash or run programs as your login if it opened a specially crafted website ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: For the stable distribution (lenny), these problems have been fixed in version 19019-7 For the upcoming stable version (squeeze) and the unstable distri ...

Mozilla Foundation Security Advisory 2010-84 XSS hazard in multiple character encodings Announced December 9, 2010 Reporter Yosuke Hasegawa, Masatoshi Kimura Impact Moderate Products Firefox, SeaMonkey Fixed in ...

source: wwwsecurityfocuscom/bid/45353/info Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credential ...

CWE-79 https://bugzilla.mozilla.org/show_bug.cgi?id=601429 http://www.mozilla.org/security/announce/2010/mfsa2010-84.html http://www.securityfocus.com/bid/45353 http://www.securitytracker.com/id?1024851 http://www.debian.org/security/2010/dsa-2132 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://secunia.com/advisories/42716 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://www.redhat.com/support/errata/RHSA-2010-0966.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://www.ubuntu.com/usn/USN-1019-1 http://support.avaya.com/css/P8/documents/100124650 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://www.vupen.com/english/advisories/2011/0030 http://secunia.com/advisories/42818 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348 https://usn.ubuntu.com/1019-1/https://nvd.nist.gov https://www.exploit-db.com/exploits/35095/

Get Started

CVE-2010-3770

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect