CVE-2010-0182

Firefox < 3.5.9 - Unauthenticated Access Restriction Bypass via XMLDocument::load

Title source: llm
STIX 2.1

Description

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

References (16)

Core 16
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39397
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0501.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1557
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39479
Various Sources vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-921-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=490790
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0500.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57396
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0748
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0849
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375
Vendor Advisory x_refsource_confirm
http://support.avaya.com/css/P8/documents/100091069

Scores

EPSS 0.0119
EPSS Percentile 64.3%

Details

CWE
CWE-20
Status published
Products (46)
mozilla/firefox 3.6
mozilla/firefox 0.1
mozilla/firefox 0.2
mozilla/firefox 0.3
mozilla/firefox 0.4
mozilla/firefox 0.5
mozilla/firefox 0.6
mozilla/firefox 0.6.1
mozilla/firefox 0.7
mozilla/firefox 0.7.1
... and 36 more
Published Apr 05, 2010
Tracked Since Feb 18, 2026