Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-0162 | First vendor Publication | 2010-02-22 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0162 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10697 | |||
Oval ID: | oval:org.mitre.oval:def:10697 | ||
Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13349 | |||
Oval ID: | oval:org.mitre.oval:def:13349 | ||
Title: | DSA-1999-1 xulrunner -- several | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. CVE-2009-3988 Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. CVE-2010-0159 Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. CVE-2010-0160 Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. CVE-2010-0162 Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. For the stable distribution, these problems have been fixed in version 1.9.0.18-1. For the unstable distribution, these problems have been fixed in version 1.9.1.8-1. We recommend that you upgrade your xulrunner packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999-1 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7463 | |||
Oval ID: | oval:org.mitre.oval:def:7463 | ||
Title: | DSA-1999 xulrunner -- several vulnerabilities | ||
Description: | Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser. The Common Vulnerabilities and Exposures project identifies the following problems: Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execution of arbitrary code. Hidetake Jo discovered that the same-origin policy can be bypassed through window.dialogArguments. Henri Sivonen, Boris Zbarsky, Zack Weinberg, Bob Clary, Martijn Wargers and Paul Nickerson reported crashes in layout engine, which might allow the execution of arbitrary code. Orlando Barrera II discovered that incorrect memory handling in the implementation of the web worker API could lead to the execution of arbitrary code. Georgi Guninski discovered that the same origin policy can be bypassed through specially crafted SVG documents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1999 CVE-2009-1571 CVE-2009-3988 CVE-2010-0159 CVE-2010-0160 CVE-2010-0162 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | xulrunner |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8631 | |||
Oval ID: | oval:org.mitre.oval:def:8631 | ||
Title: | Mozilla Firefox and SeaMonkey XSS hazard using SVG document and binary Content-Type | ||
Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0162 | Version: | 15 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Mozilla Firefox Mozilla Seamonkey |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for firefox CESA-2010:0112 centos5 i386 File : nvt/gb_CESA-2010_0112_firefox_centos5_i386.nasl |
2010-03-05 | Name : SuSE Update for MozillaFirefox,seamonkey SUSE-SA:2010:015 File : nvt/gb_suse_2010_015.nasl |
2010-03-02 | Name : Fedora Update for kazehakase FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_kazehakase_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany_fc11.nasl |
2010-03-02 | Name : Fedora Update for evolution-rss FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_evolution-rss_fc11.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_firefox_fc11.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_galeon_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-python2-extras_fc11.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_gnome-web-photo_fc11.nasl |
2010-03-02 | Name : Fedora Update for google-gadgets FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_google-gadgets_fc11.nasl |
2010-03-02 | Name : Fedora Update for hulahop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_hulahop_fc11.nasl |
2010-03-02 | Name : Fedora Update for eclipse FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_eclipse_fc11.nasl |
2010-03-02 | Name : Fedora Update for monodevelop FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_monodevelop_fc11.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_mozvoikko_fc11.nasl |
2010-03-02 | Name : Fedora Update for pcmanx-gtk2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_pcmanx-gtk2_fc11.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_perl-Gtk2-MozEmbed_fc11.nasl |
2010-03-02 | Name : Fedora Update for ruby-gnome2 FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_ruby-gnome2_fc11.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_xulrunner_fc11.nasl |
2010-03-02 | Name : Fedora Update for epiphany-extensions FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_epiphany-extensions_fc11.nasl |
2010-03-02 | Name : Fedora Update for chmsee FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_chmsee_fc11.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_blam_fc11.nasl |
2010-03-02 | Name : Fedora Update for Miro FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_Miro_fc11.nasl |
2010-03-02 | Name : Fedora Update for seamonkey FEDORA-2010-1932 File : nvt/gb_fedora_2010_1932_seamonkey_fc12.nasl |
2010-03-02 | Name : Fedora Update for xulrunner FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_xulrunner_fc12.nasl |
2010-03-02 | Name : Fedora Update for perl-Gtk2-MozEmbed FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_perl-Gtk2-MozEmbed_fc12.nasl |
2010-03-02 | Name : Fedora Update for mozvoikko FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_mozvoikko_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-web-photo FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-web-photo_fc12.nasl |
2010-03-02 | Name : Fedora Update for gnome-python2-extras FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_gnome-python2-extras_fc12.nasl |
2010-03-02 | Name : Fedora Update for galeon FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_galeon_fc12.nasl |
2010-03-02 | Name : Fedora Update for firefox FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_firefox_fc12.nasl |
2010-03-02 | Name : Fedora Update for blam FEDORA-2010-1727 File : nvt/gb_fedora_2010_1727_blam_fc12.nasl |
2010-03-02 | Name : Fedora Update for yelp FEDORA-2010-1936 File : nvt/gb_fedora_2010_1936_yelp_fc11.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Win) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_win01.nasl |
2010-02-26 | Name : Mozilla Products Multiple Vulnerabilities feb-10 (Lin) File : nvt/secpod_mozilla_prdts_mult_vuln_feb10_lin01.nasl |
2010-02-25 | Name : Debian Security Advisory DSA 1999-1 (xulrunner) File : nvt/deb_1999_1.nasl |
2010-02-22 | Name : Mandriva Update for firefox MDVSA-2010:042 (firefox) File : nvt/gb_mandriva_MDVSA_2010_042.nasl |
2010-02-19 | Name : RedHat Update for firefox RHSA-2010:0112-01 File : nvt/gb_RHSA-2010_0112-01_firefox.nasl |
2010-02-19 | Name : CentOS Update for firefox CESA-2010:0112 centos4 i386 File : nvt/gb_CESA-2010_0112_firefox_centos4_i386.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.0 and Xulrunner 1.9 vulnerabilities USN-895-1 File : nvt/gb_ubuntu_USN_895_1.nasl |
2010-02-19 | Name : Ubuntu Update for Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities USN-896-1 File : nvt/gb_ubuntu_USN_896_1.nasl |
2010-02-18 | Name : FreeBSD Ports: firefox File : nvt/freebsd_firefox44.nasl |
2010-01-29 | Name : Mandriva Update for urpmi MDVA-2010:042 (urpmi) File : nvt/gb_mandriva_MDVA_2010_042.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62426 | Mozilla Multiple Browsers SVG Document Binary Content-Type Header XSS Weakness |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2013-01-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201301-01.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6866.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6867.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1727.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-1932.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2010-1936.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE system is missing a security patch for MozillaThunderbird File : suse_11_2_MozillaThunderbird-100305.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_mozilla-xulrunner190-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_MozillaFirefox-100219.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_seamonkey-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_MozillaFirefox-100218.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_MozillaFirefox-100223.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_MozillaFirefox-6863.nasl - Type : ACT_GATHER_INFO |
2010-02-25 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mozilla-xulrunner190-6871.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1999.nasl - Type : ACT_GATHER_INFO |
2010-02-22 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-042.nasl - Type : ACT_GATHER_INFO |
2010-02-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_f82c85d81c6e11dfabb2000f20797ede.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-895-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-896-1.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : seamonkey_203.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0112.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_358.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote Windows host contains a web browser that is affected by multiple v... File : mozilla_firefox_3018.nasl - Type : ACT_GATHER_INFO |
2010-02-18 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0113.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:12:28 |
|
2024-02-01 12:03:27 |
|
2023-09-05 12:11:43 |
|
2023-09-05 01:03:18 |
|
2023-09-02 12:11:46 |
|
2023-09-02 01:03:20 |
|
2023-08-12 12:13:55 |
|
2023-08-12 01:03:20 |
|
2023-08-11 12:11:49 |
|
2023-08-11 01:03:28 |
|
2023-08-06 12:11:21 |
|
2023-08-06 01:03:22 |
|
2023-08-04 12:11:26 |
|
2023-08-04 01:03:23 |
|
2023-07-14 12:11:23 |
|
2023-07-14 01:03:21 |
|
2023-03-29 01:13:04 |
|
2023-03-28 12:03:27 |
|
2022-10-11 12:10:09 |
|
2022-10-11 01:03:09 |
|
2021-05-04 12:10:57 |
|
2021-04-22 01:11:32 |
|
2020-05-23 00:25:06 |
|
2017-09-19 09:23:35 |
|
2017-08-17 09:22:53 |
|
2016-04-26 19:30:50 |
|
2014-02-17 10:53:19 |
|
2013-05-10 23:16:28 |
|