CVE-2010-3775: Mozilla Firefox vulnerability

6 documents, 6 sources
Severity: 9.3 CRITICAL (NVD)
EPSS: 3.5% (top 12.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Dec 10
Latest update: May 17

Description

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD: mozilla/firefox 3.5.15 (+113)
NVD: mozilla/seamonkey 2.0.10 (+43)

🔴 Vulnerability Details (2)

GHSA: GHSA-pv9h-777c-qpp2: Mozilla Firefox before 3 (2022-05-17)
CVEList: CVE-2010-3775: Mozilla Firefox before 3 (2010-12-10)

📋 Vendor Advisories (2)

Ubuntu: Firefox and Xulrunner vulnerabilities (2010-12-09)
Red Hat: data: URL meta refresh (MFSA 2010-79) (2010-12-09)

💬 Community (1)

Bugzilla: CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79) (2010-12-06)