CVE-2010-0182

critical

Description

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618

https://exchange.xforce.ibmcloud.com/vulnerabilities/57396

https://bugzilla.mozilla.org/show_bug.cgi?id=490790

http://www.vupen.com/english/advisories/2010/1557

http://www.vupen.com/english/advisories/2010/0849

http://www.vupen.com/english/advisories/2010/0748

http://www.securityfocus.com/bid/39479

http://www.redhat.com/support/errata/RHSA-2010-0501.html

http://www.redhat.com/support/errata/RHSA-2010-0500.html

http://www.mozilla.org/security/announce/2010/mfsa2010-24.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:070

http://ubuntu.com/usn/usn-921-1

http://support.avaya.com/css/P8/documents/100091069

http://secunia.com/advisories/39397

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Details

Source: Mitre, NVD

Published: 2010-04-05

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical