CVE-2010-0162 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.8%

top 25.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedFeb 22

Latest updateMay 2

Description

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox25 versions+24

▶NVDmozilla/seamonkey31 versions+30

🔴Vulnerability Details

GHSA

GHSA-g94q-cc43-mm5v: Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-0162: Mozilla Firefox 3↗2010-02-21

▶

📋Vendor Advisories

Ubuntu

Firefox 3.0 and Xulrunner 1.9 vulnerabilities↗2010-02-17

▶

Ubuntu

Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities↗2010-02-17

▶

Red Hat

Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)↗2010-02-17

▶

💬Community

Bugzilla

CVE-2010-4258 kernel: failure to revert address limit override in OOPS error path [rhel-4.8.z]↗2010-12-03

▶

Bugzilla

CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)↗2010-02-17

▶