CVE-2010-2768

MEDIUM

Description

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.

ID	Name	Product	Family	Severity
75733	openSUSE Security Update : seamonkey (seamonkey-3372)	Nessus	SuSE Local Security Checks	high
75732	openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)	Nessus	SuSE Local Security Checks	high
75671	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)	Nessus	SuSE Local Security Checks	high
75670	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)	Nessus	SuSE Local Security Checks	high
75660	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)	Nessus	SuSE Local Security Checks	high
75659	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)	Nessus	SuSE Local Security Checks	high
75647	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)	Nessus	SuSE Local Security Checks	high
68099	Oracle Linux 4 : thunderbird (ELSA-2010-0682)	Nessus	Oracle Linux Local Security Checks	high
68098	Oracle Linux 4 / 5 : firefox (ELSA-2010-0681)	Nessus	Oracle Linux Local Security Checks	high
68097	Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0680)	Nessus	Oracle Linux Local Security Checks	high
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60855	Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60853	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
60849	Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
53540	RHEL 4 / 5 : firefox (RHSA-2010:0681)	Nessus	Red Hat Local Security Checks	high
50951	SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419)	Nessus	SuSE Local Security Checks	high
50875	SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3159 / 3160)	Nessus	SuSE Local Security Checks	high
50488	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)	Nessus	SuSE Local Security Checks	high
50466	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)	Nessus	SuSE Local Security Checks	high
50462	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)	Nessus	SuSE Local Security Checks	high
50376	openSUSE Security Update : seamonkey (seamonkey-3372)	Nessus	SuSE Local Security Checks	high
50372	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)	Nessus	SuSE Local Security Checks	high
50371	openSUSE Security Update : seamonkey (seamonkey-3372)	Nessus	SuSE Local Security Checks	high
50366	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)	Nessus	SuSE Local Security Checks	high
49947	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)	Nessus	SuSE Local Security Checks	high
49946	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)	Nessus	SuSE Local Security Checks	high
49945	openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)	Nessus	SuSE Local Security Checks	high
49944	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3154)	Nessus	SuSE Local Security Checks	high
49282	openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)	Nessus	SuSE Local Security Checks	high
49281	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)	Nessus	SuSE Local Security Checks	high
49280	openSUSE Security Update : seamonkey (openSUSE-SU-2010:0632-2)	Nessus	SuSE Local Security Checks	high
49279	openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)	Nessus	SuSE Local Security Checks	high
49269	Ubuntu 10.04 LTS : thunderbird regression (USN-978-2)	Nessus	Ubuntu Local Security Checks	high
49268	Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 regression (USN-975-2)	Nessus	Ubuntu Local Security Checks	high
49202	Mandriva Linux Security Advisory : firefox (MDVSA-2010:173)	Nessus	Mandriva Local Security Checks	high
49183	CentOS 4 / 5 : thunderbird (CESA-2010:0682)	Nessus	CentOS Local Security Checks	high
49182	CentOS 4 / 5 : firefox (CESA-2010:0681)	Nessus	CentOS Local Security Checks	high
49181	CentOS 3 / 4 : seamonkey (CESA-2010:0680)	Nessus	CentOS Local Security Checks	high
49170	Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-978-1)	Nessus	Ubuntu Local Security Checks	high
49169	Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-975-1)	Nessus	Ubuntu Local Security Checks	high
49166	FreeBSD : mozilla -- multiple vulnerabilities (4a21ce2c-bb13-11df-8e32-000f20797ede)	Nessus	FreeBSD Local Security Checks	high
49164	Fedora 12 : firefox-3.5.12-1.fc12 / galeon-2.0.7-25.fc12 / gnome-python2-extras-2.25.3-20.fc12 / etc (2010-14362)	Nessus	Fedora Local Security Checks	high
49151	Debian DSA-2106-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	high
800885	SeaMonkey < 2.0.7 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800747	Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800739	Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
49149	SeaMonkey < 2.0.7 Multiple Vulnerabilities	Nessus	Windows	high
49148	Mozilla Thunderbird 3.1 < 3.1.3 Multiple Vulnerabilities	Nessus	Windows	high
49147	Mozilla Thunderbird < 3.0.7 Multiple Vulnerabilities	Nessus	Windows	high
49146	Firefox 3.6 < 3.6.9 Multiple Vulnerabilities	Nessus	Windows	high
49145	Firefox < 3.5.12 Multiple Vulnerabilities	Nessus	Windows	high
49133	RHEL 4 / 5 : thunderbird (RHSA-2010:0682)	Nessus	Red Hat Local Security Checks	high
49132	RHEL 3 / 4 : seamonkey (RHSA-2010:0680)	Nessus	Red Hat Local Security Checks	high
5660	SeaMonkey < 2.0.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5659	Mozilla Thunderbird < 3.1.3 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5658	Mozilla Thunderbird 3.0.x < 3.0.7 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
5657	Mozilla Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5656	Mozilla Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium

CVE-2010-2768

Description

References

Details

Risk Information

CVSS v2.0