CVE-2010-1585Improper Input Validation in Mozilla Firefox

CWE-20Improper Input Validation9 documents6 sources
Severity
9.3CRITICALNVD
EPSS
1.5%
top 19.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedApr 28
Latest updateMay 14

Description

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmozilla/firefox3.5.16+97
NVDmozilla/seamonkey2.0.11+44
NVDmozilla/thunderbird3.1.7+79

🔴Vulnerability Details

2
GHSA
GHSA-xp93-22jw-4857: The nsIScriptableUnescapeHTML2022-05-14
CVEList
CVE-2010-1585: The nsIScriptableUnescapeHTML2010-04-28

📋Vendor Advisories

5
Ubuntu
Xulrunner vulnerabilities2011-04-30
Ubuntu
Firefox and Xulrunner regression2011-03-07
Ubuntu
Thunderbird vulnerabilities2011-03-03
Ubuntu
Firefox and Xulrunner vulnerabilities2011-03-03
Red Hat
javascript: URLs in chrome documents (MFSA 2011-08)2011-03-01

💬Community

1
Bugzilla
CVE-2010-1585 Mozilla ParanoidFragmentSink allows javascript: URLs in chrome documents (MFSA 2011-08)2011-02-04
CVE-2010-1585 — Improper Input Validation in Mozilla | cvebase