Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3770 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting7 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

8.1%

top 7.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 10

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDmozilla/firefox3.5.15+113

▶NVDmozilla/seamonkey2.0.10+43

Patches

Patch: www.mozilla.org ↗Patch: bugzilla.mozilla.org ↗Patch: www.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-pw4w-9632-fcjp: Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3770: Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3↗2010-12-10

▶

💥Exploits & PoCs

Exploit-DB

Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities↗2010-12-09

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-12-09

▶

Red Hat

Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)↗2010-12-09

▶

💬Community

Bugzilla

CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)↗2010-12-06

▶