Published: 10/12/2010 Updated: 19/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Mozilla Firefox prior to 3.5.16 and 3.6.x prior to 3.6.13, and SeaMonkey prior to 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote malicious users to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.7
mozilla firefox 3.6
mozilla firefox 3.6.4
mozilla firefox 3.6.6
mozilla firefox 3.6.12
mozilla firefox 3.6.8
mozilla firefox 3.6.10
mozilla firefox 3.6.2
mozilla firefox 3.6.3
mozilla firefox 3.6.9
mozilla firefox 3.6.11
mozilla seamonkey 1.0
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.9
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0.8
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0
mozilla seamonkey 2.0.5
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.0.4
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.1.7
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0.9
mozilla seamonkey
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.5.0.10
mozilla seamonkey 1.5.0.8
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 2.0.8
mozilla seamonkey 1.0.5
mozilla seamonkey 1.0.6
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.8
mozilla seamonkey 1.1.9
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.2
mozilla firefox 2.0.0.12
mozilla firefox 3.0.1
mozilla firefox 0.9.3
mozilla firefox 0.9.2
mozilla firefox 1.0.2
mozilla firefox 3.0
mozilla firefox 1.0.5
mozilla firefox 3.0.17
mozilla firefox 3.5.11
mozilla firefox 1.4.1
mozilla firefox 2.0.0.15
mozilla firefox 0.5
mozilla firefox 0.6
mozilla firefox 1.5.0.3
mozilla firefox 1.5.0.11
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.5.8
mozilla firefox 1.5.7
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 3.0.3
mozilla firefox 3.5.13
mozilla firefox 3.0.8
mozilla firefox 1.5
mozilla firefox 3.5.9
mozilla firefox 3.5.5
mozilla firefox 0.8
mozilla firefox 0.10.1
mozilla firefox 2.0.0.20
mozilla firefox 1.0
mozilla firefox 1.0.6
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.10
mozilla firefox 3.0.16
mozilla firefox 0.7.1
mozilla firefox 3.5.2
mozilla firefox 0.2
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 2.0.0.6
mozilla firefox 2.0.0.5
mozilla firefox 3.0.14
mozilla firefox 3.5.10
mozilla firefox 3.0.12
mozilla firefox 2.0.0.8
mozilla firefox 2.0.0.13
mozilla firefox 2.0.0.18
mozilla firefox 3.5
mozilla firefox 3.5.6
mozilla firefox
mozilla firefox 2.0.0.19
mozilla firefox 0.10
mozilla firefox 1.0.1
mozilla firefox 3.0.5
mozilla firefox 1.0.4
mozilla firefox 1.0.7
mozilla firefox 3.0.7
mozilla firefox 2.0.0.17
mozilla firefox 0.6.1
mozilla firefox 0.7
mozilla firefox 3.0.9
mozilla firefox 0.1
mozilla firefox 2.0.0.7
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.6
mozilla firefox 1.5.5
mozilla firefox 3.0.2
mozilla firefox 2.0.0.1
mozilla firefox 3.5.1
mozilla firefox 3.0.11
mozilla firefox 3.0.4
mozilla firefox 3.0.13
mozilla firefox 3.5.3
mozilla firefox 3.5.4
mozilla firefox 2.0.0.14
mozilla firefox 0.9.1
mozilla firefox 0.9
mozilla firefox 1.0.3
mozilla firefox 1.0.8
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 0.3
mozilla firefox 0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 2.0
mozilla firefox 1.8
mozilla firefox 3.0.15
mozilla firefox 2.0.0.4
mozilla firefox 3.5.14
mozilla firefox 3.5.12
mozilla firefox 3.0.6
mozilla firefox 3.0.10
mozilla firefox 3.5.7
mozilla firefox 3.5.8

Firefox could be made to crash or run programs as your login if it opened a specially crafted website ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: For the stable distribution (lenny), these problems have been fixed in version 19019-7 For the upcoming stable version (squeeze) and the unstable distri ...

Mozilla Foundation Security Advisory 2010-82 Incomplete fix for CVE-2010-0179 Announced December 9, 2010 Reporter moz_bug_r_a4 Impact Critical Products Firefox, SeaMonkey Fixed in ...

NVD-CWE-Other http://www.mozilla.org/security/announce/2010/mfsa2010-82.html https://bugzilla.mozilla.org/show_bug.cgi?id=554449 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://www.redhat.com/support/errata/RHSA-2010-0966.html http://www.ubuntu.com/usn/USN-1019-1 http://www.debian.org/security/2010/dsa-2132 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://secunia.com/advisories/42716 http://support.avaya.com/css/P8/documents/100124650 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://www.vupen.com/english/advisories/2011/0030 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 http://secunia.com/advisories/42818 http://www.securityfocus.com/bid/45354 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11960 https://usn.ubuntu.com/1019-1/https://nvd.nist.gov

Get Started

CVE-2010-3773

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect