CVE-2010-0162

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

http://secunia.com/advisories/37242

http://secunia.com/advisories/38847

http://www.debian.org/security/2010/dsa-1999

http://www.mandriva.com/security/advisories?name=MDVSA-2010:042

http://www.mozilla.org/security/announce/2010/mfsa2010-05.html

http://www.redhat.com/support/errata/RHSA-2010-0112.html

http://www.ubuntu.com/usn/USN-895-1

http://www.ubuntu.com/usn/USN-896-1

http://www.vupen.com/english/advisories/2010/0405

https://bugzilla.mozilla.org/show_bug.cgi?id=455472

https://exchange.xforce.ibmcloud.com/vulnerabilities/56363

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10697

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8631

Details

Source: MITRE

Published: 2010-02-22

Updated: 2017-09-19

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

Tenable Plugins

View all (31 total)

IDNameProductFamilySeverity
68000Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)NessusOracle Linux Local Security Checks
critical
67999Oracle Linux 4 / 5 : firefox (ELSA-2010-0112)NessusOracle Linux Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
49900SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866)NessusSuSE Local Security Checks
critical
49891SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867)NessusSuSE Local Security Checks
critical
47288Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936)NessusFedora Local Security Checks
critical
47285Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932)NessusFedora Local Security Checks
critical
47268Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727)NessusFedora Local Security Checks
critical
44911SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871)NessusSuSE Local Security Checks
critical
44910SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863)NessusSuSE Local Security Checks
critical
44909SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)NessusSuSE Local Security Checks
critical
44907SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)NessusSuSE Local Security Checks
critical
44906openSUSE Security Update : seamonkey (seamonkey-2013)NessusSuSE Local Security Checks
critical
44903openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)NessusSuSE Local Security Checks
critical
44901openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)NessusSuSE Local Security Checks
critical
44899openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)NessusSuSE Local Security Checks
critical
44863Debian DSA-1999-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
critical
44672Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)NessusMandriva Local Security Checks
critical
44661FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede)NessusFreeBSD Local Security Checks
critical
801219Mozilla SeaMonkey < 2.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5343SeaMonkey < 2.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5342Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
44660SeaMonkey < 2.0.3 Multiple VulnerabilitiesNessusWindows
high
44659Firefox 3.5 < 3.5.8 Multiple VulnerabilitiesNessusWindows
high
44658Firefox < 3.0.18 Multiple VulnerabilitiesNessusWindows
high
44656Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1)NessusUbuntu Local Security Checks
critical
44655Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1)NessusUbuntu Local Security Checks
critical
44652RHEL 3 / 4 : seamonkey (RHSA-2010:0113)NessusRed Hat Local Security Checks
critical
44651RHEL 4 / 5 : firefox (RHSA-2010:0112)NessusRed Hat Local Security Checks
critical
44649CentOS 3 / 4 : seamonkey (CESA-2010:0113)NessusCentOS Local Security Checks
critical
44648CentOS 4 / 5 : firefox (CESA-2010:0112)NessusCentOS Local Security Checks
critical