CVE-2010-0178

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 3.0.19 Mozilla Firefox versions 3.5.x prior to 3.5.9 Mozilla Firefox versions 3.6.x prior to 3.6.2 SeaMonkey versions prior to 2.0.4

Description The issue allows remote attackers to execute arbitrary JavaScript with Chrome privileges. This is achieved by loading a chrome: URL and then a javascript: URL, which interprets mouse clicks as drag-and-drop actions due to insufficient prevention in applets.

Recommendations For Mozilla Firefox versions prior to 3.0.19, update to version 3.0.19 or later. For Mozilla Firefox versions 3.5.x prior to 3.5.9, update to version 3.5.9 or later. For Mozilla Firefox versions 3.6.x prior to 3.6.2, update to version 3.6.2 or later. For SeaMonkey versions prior to 2.0.4, update to version 2.0.4 or later.