CVE-2010-3770

Description

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html

http://secunia.com/advisories/42716

http://secunia.com/advisories/42818

http://support.avaya.com/css/P8/documents/100124650

http://www.debian.org/security/2010/dsa-2132

http://www.mandriva.com/security/advisories?name=MDVSA-2010:251

http://www.mozilla.org/security/announce/2010/mfsa2010-84.html

http://www.redhat.com/support/errata/RHSA-2010-0966.html

http://www.securityfocus.com/bid/45353

http://www.securitytracker.com/id?1024851

http://www.ubuntu.com/usn/USN-1019-1

http://www.vupen.com/english/advisories/2011/0030

https://bugzilla.mozilla.org/show_bug.cgi?id=601429

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348

Details

Risk Information

CVSS v2