Executive Summary
Information
Field | Value | Field | Value |
---|---|---|---|
Name | CVE-2010-1585 | First vendor Publication | 2010-04-28 |
Vendor | Cve | Last vendor Modification | 2018-10-10 |
Security-Database Scoring CVSS v3
CVSS vector: N/A
Metric | Value | Metric | Value |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Metric | Value | Metric | Value |
---|---|---|---|
CVSS Base Score | 9.3 | Attack Range | Network |
CVSS Impact Score | 10 | Attack Complexity | Medium |
CVSS Exploit Score | 8.6 | Authentication | None Required |
Detail
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
Original Source
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1585
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:12532
Field | Value |
---|---|
Oval ID | oval:org.mitre.oval:def:12532 |
Title | Remote code execution vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 through ParanoidFragmentSink protection mechanism |
Description | The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. |
Family | windows |
Class | vulnerability |
Reference(s) | CVE-2010-1585 |
Version | 21 |
Platform(s) | Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP |
Product(s) | Mozilla Firefox, Mozilla Thunderbird, Mozilla SeaMonkey |
OpenVAS Exploits
Date | Description |
---|---|
2012-07-09 | Name : RedHat Update for thunderbird RHSA-2011:0311-01 File : nvt/gb_RHSA-2011_0311-01_thunderbird.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2186-1 (iceweasel) File : nvt/deb_2186_1.nasl |
2011-05-12 | Name : Debian Security Advisory DSA 2187-1 (icedove) File : nvt/deb_2187_1.nasl |
2011-05-10 | Name : Ubuntu Update for xulrunner-1.9.1 USN-1123-1 File : nvt/gb_ubuntu_USN_1123_1.nasl |
2011-05-05 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:080 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_080.nasl |
2011-03-25 | Name : CentOS Update for thunderbird CESA-2011:0374 centos4 i386 File : nvt/gb_CESA-2011_0374_thunderbird_centos4_i386.nasl |
2011-03-25 | Name : RedHat Update for thunderbird RHSA-2011:0374-01 File : nvt/gb_RHSA-2011_0374-01_thunderbird.nasl |
2011-03-15 | Name : Mandriva Update for mozilla-thunderbird MDVSA-2011:042 (mozilla-thunderbird) File : nvt/gb_mandriva_MDVSA_2011_042.nasl |
2011-03-15 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-2 File : nvt/gb_ubuntu_USN_1049_2.nasl |
2011-03-09 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox54.nasl |
2011-03-09 | Name : Debian Security Advisory DSA 2180-1 (iceape) File : nvt/deb_2180_1.nasl |
2011-03-08 | Name : Mandriva Update for firefox MDVSA-2011:041 (firefox) File : nvt/gb_mandriva_MDVSA_2011_041.nasl |
2011-03-07 | Name : CentOS Update for firefox CESA-2011:0310 centos4 i386 File : nvt/gb_CESA-2011_0310_firefox_centos4_i386.nasl |
2011-03-07 | Name : RedHat Update for firefox RHSA-2011:0310-01 File : nvt/gb_RHSA-2011_0310-01_firefox.nasl |
2011-03-07 | Name : Ubuntu Update for Firefox and Xulrunner vulnerabilities USN-1049-1 File : nvt/gb_ubuntu_USN_1049_1.nasl |
2011-03-07 | Name : Ubuntu Update for thunderbird vulnerabilities USN-1050-1 File : nvt/gb_ubuntu_USN_1050_1.nasl |
2010-05-04 | Name : Mozilla Firefox Code Execution Vulnerability (Win) - May10 File : nvt/gb_firefox_code_exe_vuln_win_may10.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72465 | Mozilla Multiple Products ParanoidFragmentSink nsIScriptableUnescapeHTML.pars... Mozilla Firefox, SeaMonkey and Thunderbird contains a flaw related to the nsIScriptableUnescapeHTML.parseFragment method in ParanoidFragmentSink failing to properly sanitize HTML in chrome documents. This may allow a context-dependent attacker to execute arbitrary JavaScript code using a crafted javascript: URI. |
64150 | Mozilla Firefox nsIScriptableUnescapeHTML.parseFragment Method Multiple Eleme... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_seamonkey-110307.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_mozilla-js192-110307.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_MozillaThunderbird-110314.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_seamonkey-110302.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0374.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2011-0311.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110301_firefox_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20110301_thunderbird_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-7421.nasl - Type : ACT_GATHER_INFO |
2011-06-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1123-1.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-110302.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-110308.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaThunderbird-110302.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_mozilla-xulrunner191-110302.nasl - Type : ACT_GATHER_INFO |
2011-05-02 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-080.nasl - Type : ACT_GATHER_INFO |
2011-03-24 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO |
2011-03-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0374.nasl - Type : ACT_GATHER_INFO |
2011-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner191-110303.nasl - Type : ACT_GATHER_INFO |
2011-03-14 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner191-7363.nasl - Type : ACT_GATHER_INFO |
2011-03-14 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-110307.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2187.nasl - Type : ACT_GATHER_INFO |
2011-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2186.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1049-2.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-042.nasl - Type : ACT_GATHER_INFO |
2011-03-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-041.nasl - Type : ACT_GATHER_INFO |
2011-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2180.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : seamonkey_2012.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Windows host contains a mail client that is affected by multiple v... File : mozilla_thunderbird_318.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1049-1.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1050-1.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3517.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote Windows host contains a web browser affected by multiple vulnerabi... File : mozilla_firefox_3614.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0311.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0310.nasl - Type : ACT_GATHER_INFO |
2011-03-02 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_45f102cd445611e095804061862b8c22.nasl - Type : ACT_GATHER_INFO |