[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-0182

Date: (C)2010-04-05   (M)2017-11-18 


The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

CVSS Score: 4.3Access Vector: NETWORK
Exploit Score: 8.6Access Complexity: MEDIUM
Impact Score: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE





Reference:
SECUNIA-39397
BID-39479
ADV-2010-0748
ADV-2010-0849
ADV-2010-1557
MDVSA-2010:070
RHSA-2010:0500
RHSA-2010:0501
SUSE-SR:2010:013
USN-921-1
firefox-xmldocumentload-weak-security(57396)
http://support.avaya.com/css/P8/documents/100091069
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=490790

CPE    209
cpe:/a:mozilla:thunderbird:2.0.14
cpe:/a:mozilla:seamonkey:1.1::beta
cpe:/a:mozilla:seamonkey:1.1::alpha
cpe:/a:mozilla:firefox:0.7
...
CWE    1
CWE-20
OVAL    15
oval:org.mitre.oval:def:7618
oval:org.secpod.oval:def:100710
oval:org.secpod.oval:def:100805
oval:org.secpod.oval:def:400047
...

© 2013 SecPod Technologies