CVE-2010-0179 — Code Injection in Mozilla Firefox

CWE-94 — Code Injection12 documents6 sources

Severity

6.8MEDIUMNVD

NVD5.1CNA5.1

EPSS

0.7%

top 27.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedApr 5

Latest updateMay 17

Description

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox3.5.15+114

▶NVDmozilla/seamonkey2.0.10+44

▶NVDmozilla/thunderbird3.0.3+60

🔴Vulnerability Details

GHSA

GHSA-9944-54j7-5276: Mozilla Firefox before 3↗2022-05-17

▶

GHSA

GHSA-hp7g-4p49-x89c: Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2010-3773: Mozilla Firefox before 3↗2010-12-10

▶

CVEList

CVE-2010-0179: Mozilla Firefox before 3↗2010-04-05

▶

📋Vendor Advisories

Red Hat

Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)↗2010-12-09

▶

Ubuntu

Firefox 3.0 and Xulrunner vulnerabilities↗2010-04-09

▶

Ubuntu

Firefox 3.5 and Xulrunner vulnerabilities↗2010-04-09

▶

Red Hat

Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy↗2010-03-30

▶

💬Community

Bugzilla

CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)↗2010-12-06

▶

Bugzilla

CVE-2010-0179 Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy↗2010-03-30

▶