CVE-2010-3770

Mozilla Firefox < 2.0.10 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yosuke Hasegawa · textremotelinux

https://www.exploit-db.com/exploits/35095

View Code ZIP pw:eip

References (18)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html

[Third Party Advisory] http://secunia.com/advisories/42716

[Third Party Advisory] http://secunia.com/advisories/42818

[Vendor Advisory] http://support.avaya.com/css/P8/documents/100124650

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2010:251

[Patch, Vendor Advisory] http://www.mozilla.org/security/announce/2010/mfsa2010-84.html

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2010-0966.html

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1024851

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1019-1

[Patch] https://bugzilla.mozilla.org/show_bug.cgi?id=601429

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12348

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/45353

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html

[Third Party Advisory] http://www.debian.org/security/2010/dsa-2132

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0030

Scores

EPSS 0.0708

EPSS Percentile 91.4%

Classification

CWE

CWE-79

Status published

Affected Products (50)

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/firefox

mozilla/seamonkey < 2.0.10

mozilla/seamonkey

mozilla/seamonkey

mozilla/seamonkey

... and 35 more

Timeline

Published Dec 10, 2010

Tracked Since Feb 18, 2026