Lucene search
Ubuntu.comUB:CVE-2010-3774HistoryDec 09, 2010 - 12:00 a.m.
CVE-2010-3774
2010-12-0900:00:00
ubuntu.com
ubuntu.com
10
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
74.3%
The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before
2.0.11, does not properly handle (1) about:neterror and (2) about:certerror
pages, which allows remote attackers to spoof the location bar via a
crafted web site.
Notes
| Author | Note |
|---|---|
| jdstrand | Ubuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 10.04 | noarch | firefox | < 3.6.13+build3+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | firefox | < 3.6.13+build3+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | firefox-3.0 | < 3.6.13+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | firefox-3.5 | < 3.6.13+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
| ubuntu | 10.04 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.10.04.1 | UNKNOWN |
| ubuntu | 10.10 | noarch | seamonkey | < 2.0.11+build1+nobinonly-0ubuntu0.10.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | xulrunner-1.9.2 | < 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 9.10 | noarch | xulrunner-1.9.2 | < 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1 | UNKNOWN |
Related
mozilla
mozilla
Location bar SSL spoofing using network error page — Mozilla
2010-12-09 00:00:00
nvd
nvd
CVE-2010-3774
2010-12-10 19:00:02
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-83
2010-12-10 00:00:00
Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
2010-12-10 00:00:00
prion
prion
Code injection
2010-12-10 19:00:00
cvelist
cvelist
CVE-2010-3774
2010-12-10 18:00:00
cve
cve
CVE-2010-3774
2010-12-10 19:00:02
veracode
veracode
Spoofing Attack
2020-04-10 00:52:33
openvas
openvas
Mozilla Products Multiple Vulnerabilities (MFSA2010-76, MFSA2010-80, MFSA2010-81, MFSA2010-84) - Windows
2010-12-27 00:00:00
Mozilla Products Multiple Vulnerabilities dec-10 (Windows)
2010-12-27 00:00:00
Oracle: Security Advisory (ELSA-2010-0966)
2015-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: firefox-3.6.13-1.fc13
2010-12-10 20:25:42
[SECURITY] Fedora 14 Update: gnome-python2-extras-2.25.3-26.fc14.1
2010-12-10 20:27:49
[SECURITY] Fedora 13 Update: mozvoikko-1.0-17.fc13
2010-12-10 20:25:42
oraclelinux
oraclelinux
firefox security update
2010-12-10 00:00:00
nessus
nessus
Fedora 13 : firefox-3.6.13-1.fc13 / galeon-2.0.7-36.fc13 / gnome-python2-extras-2.25.3-25.fc13 / etc (2010-18775)
2010-12-12 00:00:00
Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : firefox, firefox-{3.0,3.5}, xulrunner-1.9.{1,2} vulnerabilities (USN-1019-1)
2010-12-10 00:00:00
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
2012-08-01 00:00:00
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2010-12-09 00:00:00
redhat
redhat
(RHSA-2010:0966) Critical: firefox security update
2010-12-09 00:00:00
centos
centos
firefox security update
2011-01-27 08:53:21
debian
debian
[BSA-013] Security Update for iceweasel
2011-01-02 19:45:28
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,Seamonkey
2011-01-05 11:25:44
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-12-09 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
0.004
Percentile
74.3%
Related for UB:CVE-2010-3774