Lucene search

K

MitreCVELIST:CVE-2010-2762

HistorySep 09, 2010 - 6:00 p.m.

CVE-2010-2762

2010-09-0918:00:00

mitre

www.cve.org

5

AI Score

8.6

Confidence

High

EPSS

0.014

Percentile

86.7%

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

References

blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

secunia.com/advisories/42867

support.avaya.com/css/P8/documents/100112690

www.mandriva.com/security/advisories?name=MDVSA-2010:173

www.mozilla.org/security/announce/2010/mfsa2010-59.html

www.securityfocus.com/bid/43092

www.vupen.com/english/advisories/2010/2323

www.vupen.com/english/advisories/2011/0061

bugzilla.mozilla.org/show_bug.cgi?id=584180

exchange.xforce.ibmcloud.com/vulnerabilities/61656

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492

AI Score

8.6

Confidence

High

EPSS

0.014

Percentile

86.7%

Related for CVELIST:CVE-2010-2762

openvas23 cve1 prion1 mozilla1 securityvulns2 ubuntucve1 veracode1 nvd1 ubuntu2 oraclelinux1 redhat1 centos1 nessus38 freebsd1 suse3 gentoo1