CVE-2010-2751 — Mozilla Seamonkey vulnerability

CWE-2649 documents6 sources

Severity

2.6LOWNVD

EPSS

0.4%

top 41.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox

Timeline

PublishedJul 30

Latest updateMay 17

Description

The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/seamonkey2.0.5+39

▶NVDmozilla/firefox14 versions+13

🔴Vulnerability Details

GHSA

GHSA-rgc3-g75g-jr7f: The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell↗2022-05-17

▶

CVEList

CVE-2010-2751: The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell↗2010-07-30

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Red Hat

Mozilla SSL spoofing with history.back() and history.forward()↗2010-07-20

▶

💬Community

Bugzilla

CVE-2010-2751 Mozilla SSL spoofing with history.back() and history.forward()↗2010-07-16

▶