CVE-2010-1213
Mozilla Firefox <3.5.11 & Thunderbird <3.0.6 & SeaMonkey <2.0.6 - SSRF
Title source: llmDescription
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.
References (3)
Core 3
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=568148
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11835
Scores
EPSS
0.0096
EPSS Percentile
57.3%
Details
CWE
CWE-20
Status
published
Products (46)
mozilla/firefox
3.5.1
mozilla/firefox
3.5.2
mozilla/firefox
3.5.3
mozilla/firefox
3.5.4
mozilla/firefox
3.5.5
mozilla/firefox
3.5.6
mozilla/firefox
3.5.7
mozilla/firefox
3.5.9
mozilla/firefox
3.5.10
mozilla/firefox
3.6
... and 36 more
Published
Jul 30, 2010
Tracked Since
Feb 18, 2026