CVE-2010-3178Mozilla Firefox vulnerability

CWE-2647 documents6 sources
Severity
5.8MEDIUMNVD
EPSS
0.9%
top 25.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedOct 21
Latest updateMay 17

Description

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages3 packages

NVDmozilla/firefox3.5.13+91
NVDmozilla/seamonkey2.0.8+41
NVDmozilla/thunderbird3.0.8+71

🔴Vulnerability Details

2
GHSA
GHSA-f7fh-pf49-jf37: Mozilla Firefox before 32022-05-17
CVEList
CVE-2010-3178: Mozilla Firefox before 32010-10-21

📋Vendor Advisories

3
Ubuntu
Thunderbird vulnerabilities2010-10-20
Ubuntu
Firefox and Xulrunner vulnerabilities2010-10-20
Red Hat
Mozilla cross-site information disclosure via modal calls2010-10-19

💬Community

1
Bugzilla
CVE-2010-3178 Mozilla cross-site information disclosure via modal calls2010-10-12
CVE-2010-3178 — Mozilla Firefox vulnerability | cvebase