CVE-2010-2762

medium

Description

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

http://secunia.com/advisories/42867

http://support.avaya.com/css/P8/documents/100112690

http://www.mandriva.com/security/advisories?name=MDVSA-2010:173

http://www.mozilla.org/security/announce/2010/mfsa2010-59.html

http://www.securityfocus.com/bid/43092

http://www.vupen.com/english/advisories/2010/2323

http://www.vupen.com/english/advisories/2011/0061

https://bugzilla.mozilla.org/show_bug.cgi?id=584180

https://exchange.xforce.ibmcloud.com/vulnerabilities/61656

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492

Details

Source: MITRE

Published: 2010-09-09

Updated: 2017-09-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 75733 | openSUSE Security Update : seamonkey (seamonkey-3372) | Nessus | SuSE Local Security Checks | high |
| 75732 | openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2) | Nessus | SuSE Local Security Checks | high |
| 75671 | openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) | Nessus | SuSE Local Security Checks | high |
| 75670 | openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141) | Nessus | SuSE Local Security Checks | high |
| 75660 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378) | Nessus | SuSE Local Security Checks | high |
| 75659 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154) | Nessus | SuSE Local Security Checks | high |
| 75647 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1) | Nessus | SuSE Local Security Checks | high |
| 68099 | Oracle Linux 4 : thunderbird (ELSA-2010-0682) | Nessus | Oracle Linux Local Security Checks | high |
| 68098 | Oracle Linux 4 / 5 : firefox (ELSA-2010-0681) | Nessus | Oracle Linux Local Security Checks | high |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 60849 | Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 53540 | RHEL 4 / 5 : firefox (RHSA-2010:0681) | Nessus | Red Hat Local Security Checks | high |
| 50951 | SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419) | Nessus | SuSE Local Security Checks | high |
| 50875 | SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3159 / 3160) | Nessus | SuSE Local Security Checks | high |
| 50488 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208) | Nessus | SuSE Local Security Checks | high |
| 50466 | openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) | Nessus | SuSE Local Security Checks | high |
| 50462 | openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421) | Nessus | SuSE Local Security Checks | high |
| 50376 | openSUSE Security Update : seamonkey (seamonkey-3372) | Nessus | SuSE Local Security Checks | high |
| 50372 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378) | Nessus | SuSE Local Security Checks | high |
| 50371 | openSUSE Security Update : seamonkey (seamonkey-3372) | Nessus | SuSE Local Security Checks | high |
| 50366 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378) | Nessus | SuSE Local Security Checks | high |
| 49947 | openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141) | Nessus | SuSE Local Security Checks | high |
| 49946 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154) | Nessus | SuSE Local Security Checks | high |
| 49945 | openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141) | Nessus | SuSE Local Security Checks | high |
| 49944 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154) | Nessus | SuSE Local Security Checks | high |
| 49282 | openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2) | Nessus | SuSE Local Security Checks | high |
| 49281 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1) | Nessus | SuSE Local Security Checks | high |
| 49280 | openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2) | Nessus | SuSE Local Security Checks | high |
| 49279 | openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1) | Nessus | SuSE Local Security Checks | high |
| 49268 | Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2) | Nessus | Ubuntu Local Security Checks | high |
| 49202 | Mandriva Linux Security Advisory : firefox (MDVSA-2010:173) | Nessus | Mandriva Local Security Checks | high |
| 49183 | CentOS 4 / 5 : thunderbird (CESA-2010:0682) | Nessus | CentOS Local Security Checks | high |
| 49182 | CentOS 4 / 5 : firefox (CESA-2010:0681) | Nessus | CentOS Local Security Checks | high |
| 49169 | Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1) | Nessus | Ubuntu Local Security Checks | high |
| 49166 | FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede) | Nessus | FreeBSD Local Security Checks | high |
| 800747 | Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 5659 | Mozilla Thunderbird < 3.1.3 Multiple Vulnerabilities | Nessus Network Monitor | SMTP Clients | medium |
| 5657 | Mozilla Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 49148 | Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities | Nessus | Windows | high |
| 49146 | Firefox 3.6 < 3.6.9 Multiple Vulnerabilities | Nessus | Windows | high |
| 49133 | RHEL 4 / 5 : thunderbird (RHSA-2010:0682) | Nessus | Red Hat Local Security Checks | high |