CVE-2010-2754 — Sensitive Information Exposure in Mozilla Seamonkey

CWE-200 — Sensitive Information Exposure11 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 37.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedJul 30

Latest updateMay 17

Description

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.0.5+39

▶NVDmozilla/firefox14 versions+13

▶NVDmozilla/thunderbird7 versions+6

🔴Vulnerability Details

GHSA

GHSA-whp6-g3v5-mxmh: dom/base/nsJSEnvironment↗2022-05-17

▶

CVEList

CVE-2010-2754: dom/base/nsJSEnvironment↗2010-07-29

▶

💥Exploits & PoCs

Exploit-DB

Multiple Vendor 'librpc.dll' Signedness Error - Remote Code Execution↗2010-04-08

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

💬Community

Bugzilla

CVE-2010-2754 Mozilla Cross-origin data leakage from script filename in error messages↗2010-07-16

▶