CVE-2010-3773 — Mozilla Firefox vulnerability

6 documents6 sources

Severity

6.8MEDIUMNVD

CNA5.1

EPSS

1.0%

top 22.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey

Timeline

PublishedDec 10

Latest updateMay 17

Description

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDmozilla/firefox3.5.15+113

▶NVDmozilla/seamonkey2.0.10+43

🔴Vulnerability Details

GHSA

GHSA-9944-54j7-5276: Mozilla Firefox before 3↗2022-05-17

▶

CVEList

CVE-2010-3773: Mozilla Firefox before 3↗2010-12-10

▶

📋Vendor Advisories

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-12-09

▶

Red Hat

Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)↗2010-12-09

▶

💬Community

Bugzilla

CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)↗2010-12-06

▶