CVE-2010-1207 — Mozilla Firefox vulnerability

CWE-2648 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 30

Latest updateMay 2

Description

Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox3.6.6+4

▶NVDmozilla/thunderbird3.1

🔴Vulnerability Details

GHSA

GHSA-pfmg-rcmr-r4cf: Mozilla Firefox before 3↗2022-05-02

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Red Hat

Mozilla Same-origin bypass using canvas context↗2010-07-20

▶

💬Community

Bugzilla

CVE-2010-1207 Mozilla Same-origin bypass using canvas context↗2010-07-16

▶