Published: 10/12/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Mozilla Firefox prior to 3.5.16 and 3.6.x prior to 3.6.13, and SeaMonkey prior to 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote malicious users to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.6.3
mozilla firefox 3.6.4
mozilla firefox 3.6.12
mozilla firefox 3.6.8
mozilla firefox 3.6.10
mozilla firefox 3.6.6
mozilla firefox 3.6.7
mozilla firefox 3.6
mozilla firefox 3.6.2
mozilla firefox 3.6.9
mozilla firefox 3.6.11
mozilla seamonkey 1.0.6
mozilla seamonkey 1.0.7
mozilla seamonkey 1.0
mozilla seamonkey 1.1.11
mozilla seamonkey 1.1.12
mozilla seamonkey 1.1.19
mozilla seamonkey 1.1.2
mozilla seamonkey 1.1.9
mozilla seamonkey 1.0.2
mozilla seamonkey 1.0.3
mozilla seamonkey 1.1
mozilla seamonkey 1.1.1
mozilla seamonkey 1.1.15
mozilla seamonkey 1.1.16
mozilla seamonkey 1.1.5
mozilla seamonkey 1.1.6
mozilla seamonkey 1.5.0.8
mozilla seamonkey 1.5.0.9
mozilla seamonkey 2.0
mozilla seamonkey 2.0.8
mozilla seamonkey 2.0.9
mozilla seamonkey 2.0.3
mozilla seamonkey 2.0.4
mozilla seamonkey 2.0.5
mozilla seamonkey 1.0.1
mozilla seamonkey 1.0.8
mozilla seamonkey 1.0.9
mozilla seamonkey 1.1.13
mozilla seamonkey 1.1.14
mozilla seamonkey 1.1.3
mozilla seamonkey 1.1.4
mozilla seamonkey 1.5.0.10
mozilla seamonkey 2.0.6
mozilla seamonkey 2.0.7
mozilla seamonkey 1.0.4
mozilla seamonkey 1.0.5
mozilla seamonkey 1.1.10
mozilla seamonkey 1.1.17
mozilla seamonkey 1.1.18
mozilla seamonkey 1.1.7
mozilla seamonkey 1.1.8
mozilla seamonkey 2.0.1
mozilla seamonkey 2.0.2
mozilla seamonkey
mozilla firefox 0.10
mozilla firefox 0.8
mozilla firefox 2.0.0.20
mozilla firefox 1.0
mozilla firefox 1.0.7
mozilla firefox 1.0.6
mozilla firefox 2.0.0.17
mozilla firefox 2.0.0.10
mozilla firefox 3.0.16
mozilla firefox 0.7.1
mozilla firefox 3.5.2
mozilla firefox 0.1
mozilla firefox 0.2
mozilla firefox 1.5.0.1
mozilla firefox 1.5.0.10
mozilla firefox 1.5.0.6
mozilla firefox 1.5.0.7
mozilla firefox 1.5.5
mozilla firefox 2.0.0.14
mozilla firefox 2.0.0.12
mozilla firefox 0.9.3
mozilla firefox 0.9.2
mozilla firefox 1.0.2
mozilla firefox 3.0
mozilla firefox 1.0.8
mozilla firefox 3.0.17
mozilla firefox 1.4.1
mozilla firefox 2.0.0.15
mozilla firefox 0.4
mozilla firefox 0.5
mozilla firefox 1.5.0.2
mozilla firefox 1.5.0.3
mozilla firefox 1.5.1
mozilla firefox 1.5.2
mozilla firefox 1.8
mozilla firefox 1.5.8
mozilla firefox 2.0.0.4
mozilla firefox 2.0.0.3
mozilla firefox 2.0.0.2
mozilla firefox 3.0.3
mozilla firefox 3.5.13
mozilla firefox 3.0.10
mozilla firefox 3.0.8
mozilla firefox 3.5.8
mozilla firefox 3.5.9
mozilla firefox 3.5.5
mozilla firefox 2.0.0.6
mozilla firefox 3.0.14
mozilla firefox 3.5.10
mozilla firefox 3.0.12
mozilla firefox 2.0.0.8
mozilla firefox 3.0.13
mozilla firefox 2.0.0.18
mozilla firefox 3.5.6
mozilla firefox
mozilla firefox 3.0.1
mozilla firefox 2.0.0.19
mozilla firefox 1.0.1
mozilla firefox 3.0.5
mozilla firefox 1.0.5
mozilla firefox 1.0.4
mozilla firefox 3.5.11
mozilla firefox 3.0.7
mozilla firefox 0.6.1
mozilla firefox 0.7
mozilla firefox 0.6
mozilla firefox 3.0.9
mozilla firefox 1.5.0.11
mozilla firefox 2.0.0.7
mozilla firefox 1.5.0.12
mozilla firefox 1.5.0.8
mozilla firefox 1.5.0.9
mozilla firefox 1.5.7
mozilla firefox 1.5.6
mozilla firefox 3.0.2
mozilla firefox 2.0.0.1
mozilla firefox 3.5.1
mozilla firefox 3.0.11
mozilla firefox 1.5
mozilla firefox 3.0.4
mozilla firefox 3.5.3
mozilla firefox 3.5.4
mozilla firefox 0.10.1
mozilla firefox 0.9.1
mozilla firefox 0.9
mozilla firefox 1.0.3
mozilla firefox 2.0.0.9
mozilla firefox 2.0.0.16
mozilla firefox 2.0.0.11
mozilla firefox 0.3
mozilla firefox 1.5.0.4
mozilla firefox 1.5.0.5
mozilla firefox 1.5.3
mozilla firefox 1.5.4
mozilla firefox 2.0
mozilla firefox 2.0.0.5
mozilla firefox 3.0.15
mozilla firefox 3.5.14
mozilla firefox 3.5.12
mozilla firefox 2.0.0.13
mozilla firefox 3.0.6
mozilla firefox 3.5
mozilla firefox 3.5.7

Firefox could be made to crash or run programs as your login if it opened a specially crafted website ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications The Common Vulnerabilities and Exposures project identifies the following problems: For the stable distribution (lenny), these problems have been fixed in version 19019-7 For the upcoming stable version (squeeze) and the unstable distri ...

Mozilla Foundation Security Advisory 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh Announced December 9, 2010 Reporter Gregory Fleischer Impact Critical Products Firefox, SeaMonkey Fix ...

NVD-CWE-Other https://bugzilla.mozilla.org/show_bug.cgi?id=610525 https://bugzilla.mozilla.org/show_bug.cgi?id=611897 http://www.mozilla.org/security/announce/2010/mfsa2010-79.html https://bugzilla.mozilla.org/show_bug.cgi?id=589041 http://www.securityfocus.com/bid/45355 http://secunia.com/advisories/42716 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://support.avaya.com/css/P8/documents/100124650 http://www.securitytracker.com/id?1024848 http://www.redhat.com/support/errata/RHSA-2010-0966.html http://www.redhat.com/support/errata/RHSA-2010-0967.html http://www.debian.org/security/2010/dsa-2132 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://www.ubuntu.com/usn/USN-1019-1 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://www.vupen.com/english/advisories/2011/0030 http://secunia.com/advisories/42818 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11666 https://usn.ubuntu.com/1019-1/https://nvd.nist.gov

Get Started

CVE-2010-3775

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect