Detections
Analytics

CVE-2010-3770

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348

https://bugzilla.mozilla.org/show_bug.cgi?id=601429

http://www.vupen.com/english/advisories/2011/0030

http://www.ubuntu.com/usn/USN-1019-1

http://www.securitytracker.com/id?1024851

http://www.securityfocus.com/bid/45353

http://www.redhat.com/support/errata/RHSA-2010-0966.html

http://www.mozilla.org/security/announce/2010/mfsa2010-84.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:251

http://www.debian.org/security/2010/dsa-2132

http://support.avaya.com/css/P8/documents/100124650

http://secunia.com/advisories/42818

http://secunia.com/advisories/42716

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html

Details

Source: Mitre, NVD

Published: 2010-12-10

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.09641