CVE-2010-1213

Mozilla Firefox <3.5.11 & Thunderbird <3.0.6 & SeaMonkey <2.0.6 - SSRF

Title source: llm
STIX 2.1

Description

The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.

References (3)

Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=568148
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11835

Scores

EPSS 0.0096
EPSS Percentile 57.3%

Details

CWE
CWE-20
Status published
Products (46)
mozilla/firefox 3.5.1
mozilla/firefox 3.5.2
mozilla/firefox 3.5.3
mozilla/firefox 3.5.4
mozilla/firefox 3.5.5
mozilla/firefox 3.5.6
mozilla/firefox 3.5.7
mozilla/firefox 3.5.9
mozilla/firefox 3.5.10
mozilla/firefox 3.6
... and 36 more
Published Jul 30, 2010
Tracked Since Feb 18, 2026