CVE-2010-0182
Firefox < 3.5.9 - Unauthenticated Access Restriction Bypass via XMLDocument::load
Title source: llmDescription
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.
References (16)
Core 16
Core References
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39397
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0501.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1557
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39479
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-921-1
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=490790
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0500.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57396
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0748
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0849
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100091069
Scores
EPSS
0.0119
EPSS Percentile
64.3%
Details
CWE
CWE-20
Status
published
Products (46)
mozilla/firefox
3.6
mozilla/firefox
0.1
mozilla/firefox
0.2
mozilla/firefox
0.3
mozilla/firefox
0.4
mozilla/firefox
0.5
mozilla/firefox
0.6
mozilla/firefox
0.6.1
mozilla/firefox
0.7
mozilla/firefox
0.7.1
... and 36 more
Published
Apr 05, 2010
Tracked Since
Feb 18, 2026