CVE-2010-3177

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.

References

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html

http://secunia.com/advisories/42867

http://support.avaya.com/css/P8/documents/100114250

http://support.avaya.com/css/P8/documents/100120156

http://www.debian.org/security/2010/dsa-2124

http://www.mandriva.com/security/advisories?name=MDVSA-2010:210

http://www.mozilla.org/security/announce/2010/mfsa2010-68.html

http://www.redhat.com/support/errata/RHSA-2010-0781.html

http://www.redhat.com/support/errata/RHSA-2010-0782.html

http://www.redhat.com/support/errata/RHSA-2010-0861.html

http://www.ubuntu.com/usn/USN-997-1

http://www.vupen.com/english/advisories/2011/0061

https://bugzilla.mozilla.org/show_bug.cgi?id=556734

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12202

Details

Source: MITRE

Published: 2010-10-21

Updated: 2017-09-19

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 2.0.8 (inclusive)

Configuration 3

OR

cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.5.13 (inclusive)

Tenable Plugins

View all (43 total)

IDNameProductFamilySeverity
75733openSUSE Security Update : seamonkey (seamonkey-3372)NessusSuSE Local Security Checks
high
75671openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)NessusSuSE Local Security Checks
high
75660openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)NessusSuSE Local Security Checks
high
75648openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)NessusSuSE Local Security Checks
high
68121Oracle Linux 4 / 5 : firefox (ELSA-2010-0782)NessusOracle Linux Local Security Checks
high
68120Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0781)NessusOracle Linux Local Security Checks
high
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
60889Scientific Linux Security Update : firefox on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
high
60872Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64NessusScientific Linux Local Security Checks
high
60870Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
50952SuSE 11 / 11.1 Security Update : Mozilla XULrunner (SAT Patch Numbers 3557 / 3558)NessusSuSE Local Security Checks
high
50951SuSE 11 / 11.1 Security Update : Mozilla (SAT Patch Numbers 3417 / 3419)NessusSuSE Local Security Checks
high
50876SuSE 11 / 11.1 Security Update : Mozilla Firefox (SAT Patch Numbers 3455 / 3456)NessusSuSE Local Security Checks
high
50793CentOS 4 / 5 : firefox (CESA-2010:0782)NessusCentOS Local Security Checks
high
50792CentOS 3 / 4 : seamonkey (CESA-2010:0781)NessusCentOS Local Security Checks
high
50633RHEL 6 : firefox (RHSA-2010:0861)NessusRed Hat Local Security Checks
high
50488SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7208)NessusSuSE Local Security Checks
high
50466openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)NessusSuSE Local Security Checks
high
50464openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)NessusSuSE Local Security Checks
high
50462openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3421)NessusSuSE Local Security Checks
high
50460openSUSE Security Update : MozillaFirefox (MozillaFirefox-3422)NessusSuSE Local Security Checks
high
50453Debian DSA-2124-1 : xulrunner - several vulnerabilitiesNessusDebian Local Security Checks
high
50422Fedora 12 : firefox-3.5.15-1.fc12 / galeon-2.0.7-27.fc12 / gnome-python2-extras-2.25.3-22.fc12 / etc (2010-16885)NessusFedora Local Security Checks
high
50403Fedora 14 : firefox-3.6.12-1.fc14 / galeon-2.0.7-35.fc14.1 / gnome-python2-extras-2.25.3-25.fc14.1 / etc (2010-16897)NessusFedora Local Security Checks
high
50376openSUSE Security Update : seamonkey (seamonkey-3372)NessusSuSE Local Security Checks
high
50372openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)NessusSuSE Local Security Checks
high
50371openSUSE Security Update : seamonkey (seamonkey-3372)NessusSuSE Local Security Checks
high
50366openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-3378)NessusSuSE Local Security Checks
high
50356Fedora 13 : firefox-3.6.11-1.fc13 / galeon-2.0.7-34.fc13 / gnome-python2-extras-2.25.3-23.fc13 / etc (2010-16593)NessusFedora Local Security Checks
high
50314Mandriva Linux Security Advisory : firefox (MDVSA-2010:210)NessusMandriva Local Security Checks
high
50088SeaMonkey < 2.0.9 Multiple VulnerabilitiesNessusWindows
high
50085Firefox 3.6 < 3.6.11 Multiple VulnerabilitiesNessusWindows
high
50084Firefox < 3.5.14 Multiple VulnerabilitiesNessusWindows
high
50082Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-3.0, firefox-3.5, xulrunner-1.9.1, xulrunner-1.9.2 vulnerabilities (USN-997-1)NessusUbuntu Local Security Checks
high
50074FreeBSD : mozilla -- multiple vulnerabilities (c4f067b9-dc4a-11df-8e32-000f20797ede)NessusFreeBSD Local Security Checks
high
801368Mozilla Firefox 3.5.x < 3.5.14 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801306Mozilla Firefox 3.6.x < 3.6.11 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
801286Mozilla SeaMonkey 2.0.x < 2.0.9 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5685SeaMonkey 2.0.x < 2.0.9 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5682Mozilla Firefox 3.6.x < 3.6.11 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5681Mozilla Firefox 3.5.x < 3.5.14 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
50040RHEL 4 / 5 : firefox (RHSA-2010:0782)NessusRed Hat Local Security Checks
high
50039RHEL 3 / 4 : seamonkey (RHSA-2010:0781)NessusRed Hat Local Security Checks
high