CVE-2010-1585

2010-04-2800:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.023

Percentile

89.8%

JSON

The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17
and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before
2.0.12 does not properly sanitize HTML in a chrome document, which makes it
easier for remote attackers to execute arbitrary JavaScript with chrome
privileges via a javascript: URI in input to an extension, as demonstrated
by a javascript:alert sequence in (1) the HREF attribute of an A element or
(2) the ACTION attribute of a FORM element.

Notes

Author	Note
jdstrand	CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

Author

Note

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 3.6.14+build3+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchfirefox< 3.6.14+build3+nobinonly-0ubuntu0.10.10.1UNKNOWN
ubuntu8.04noarchfirefox-3.0< 3.6.14+build3+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.10noarchfirefox-3.5< 3.6.14+build3+nobinonly-0ubuntu0.9.10.1UNKNOWN
ubuntu10.04noarchthunderbird< 3.1.8+build3+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchthunderbird< 3.1.8+build3+nobinonly-0ubuntu0.10.10.1UNKNOWN
ubuntu8.04noarchxulrunner-1.9.2< 1.9.2.14+build3+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.10noarchxulrunner-1.9.2< 1.9.2.14+build3+nobinonly-0ubuntu0.9.10.1UNKNOWN
ubuntu10.04noarchxulrunner-1.9.2< 1.9.2.14+build3+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchxulrunner-1.9.2< 1.9.2.14+build3+nobinonly-0ubuntu0.10.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	firefox	< 3.6.14+build3+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	firefox	< 3.6.14+build3+nobinonly-0ubuntu0.10.10.1	UNKNOWN
ubuntu	8.04	noarch	firefox-3.0	< 3.6.14+build3+nobinonly-0ubuntu0.8.04.1	UNKNOWN
ubuntu	9.10	noarch	firefox-3.5	< 3.6.14+build3+nobinonly-0ubuntu0.9.10.1	UNKNOWN
ubuntu	10.04	noarch	thunderbird	< 3.1.8+build3+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	thunderbird	< 3.1.8+build3+nobinonly-0ubuntu0.10.10.1	UNKNOWN
ubuntu	8.04	noarch	xulrunner-1.9.2	< 1.9.2.14+build3+nobinonly-0ubuntu0.8.04.1	UNKNOWN
ubuntu	9.10	noarch	xulrunner-1.9.2	< 1.9.2.14+build3+nobinonly-0ubuntu0.9.10.1	UNKNOWN
ubuntu	10.04	noarch	xulrunner-1.9.2	< 1.9.2.14+build3+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	xulrunner-1.9.2	< 1.9.2.14+build3+nobinonly-0ubuntu0.10.10.1	UNKNOWN