Lucene search

K

MitreCVELIST:CVE-2010-2768

HistorySep 09, 2010 - 6:00 p.m.

CVE-2010-2768

2010-09-0918:00:00

mitre

www.cve.org

5

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.6%

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document’s charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.

References

blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

secunia.com/advisories/42867

support.avaya.com/css/P8/documents/100110210

support.avaya.com/css/P8/documents/100112690

www.debian.org/security/2010/dsa-2106

www.mandriva.com/security/advisories?name=MDVSA-2010:173

www.mozilla.org/security/announce/2010/mfsa2010-61.html

www.securityfocus.com/bid/43101

www.vupen.com/english/advisories/2010/2323

www.vupen.com/english/advisories/2011/0061

bugzilla.mozilla.org/show_bug.cgi?id=579744

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11735

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.6%

Related for CVELIST:CVE-2010-2768

ubuntucve1 nvd1 prion1 cve1 mozilla1 securityvulns2 veracode1 openvas55 oraclelinux3 nessus50 centos3 redhat3 debian5 osv1 fedora7 ubuntu4 freebsd1 suse3 gentoo1