[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-0182

Date: (C)2010-04-05   (M)2017-09-22
 
CVSS Score: 4.3Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 2.9Authentication: NONE
 Confidentiality: NONE
 Integrity: PARTIAL
 Availability: NONE











The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

Reference:
SECUNIA-39397
BID-39479
ADV-2010-0748
ADV-2010-0849
ADV-2010-1557
MDVSA-2010:070
RHSA-2010:0500
RHSA-2010:0501
SUSE-SR:2010:013
USN-921-1
firefox-xmldocumentload-weak-security(57396)
http://support.avaya.com/css/P8/documents/100091069
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=490790

CPE    209
cpe:/a:mozilla:thunderbird:3.0.3
cpe:/a:mozilla:thunderbird:3.0.2
cpe:/a:mozilla:thunderbird:3.0.1
cpe:/a:mozilla:thunderbird:2.0
...
CWE    1
CWE-20
OVAL    15
oval:org.mitre.oval:def:7618
oval:org.secpod.oval:def:700098
oval:org.secpod.oval:def:100710
oval:org.secpod.oval:def:100805
...

© 2013 SecPod Technologies