CVE-2010-1213 — Improper Input Validation in Mozilla Seamonkey

CWE-20 — Improper Input Validation11 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 59.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 30

Latest updateMay 2

Description

The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.0.5+39

▶NVDmozilla/firefox15 versions+14

▶NVDmozilla/thunderbird7 versions+6

🔴Vulnerability Details

GHSA

GHSA-m896-jx8r-g62c: The importScripts Web Worker method in Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-1213: The importScripts Web Worker method in Mozilla Firefox 3↗2010-07-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Outlook Express - NNTP Response Parsing Buffer Overflow (MS05-030) (Metasploit)↗2010-05-09

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

💬Community

Bugzilla

CVE-2010-1213 Mozilla Cross-origin data disclosure via Web Workers and importScripts↗2010-07-16

▶