CVE-2010-0182 — Improper Input Validation in Mozilla Firefox

CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedApr 5

Latest updateMay 2

Description

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox3.5.7+93

▶NVDmozilla/seamonkey2.0.3+34

▶NVDmozilla/thunderbird3.0.3+60

🔴Vulnerability Details

GHSA

GHSA-h98r-2r7c-g497: The XMLDocument::load function in Mozilla Firefox before 3↗2022-05-02

▶

CVEList

CVE-2010-0182: The XMLDocument::load function in Mozilla Firefox before 3↗2010-04-05

▶

📋Vendor Advisories

Ubuntu

Firefox 3.5 and Xulrunner vulnerabilities↗2010-04-09

▶

Red Hat

mozilla: XMLDocument:: load() doesn't check nsIContentPolicy (MFSA 2010-24)↗2010-03-30

▶

💬Community

Bugzilla

CVE-2010-4253 OpenOffice.org: heap based buffer overflow in PPT import↗2010-11-29

▶

Bugzilla

CVE-2010-0182 mozilla: XMLDocument::load() doesn't check nsIContentPolicy (MFSA 2010-24)↗2010-04-27

▶