PT-2010-4276 · Mozilla+2 · Firefox+3

Publicado

2010-09-08

·

Atualizado

2024-12-12

·

CVE-2010-2762

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.6.x through 3.6.8 Thunderbird versions 3.1.x through 3.1.2
Description The issue is related to the XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper implementation, which does not properly restrict objects at the end of scope chains. This allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
Recommendations For Mozilla Firefox versions 3.6.x through 3.6.8, update to version 3.6.9 or later. For Thunderbird versions 3.1.x through 3.1.2, update to version 3.1.3 or later.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2010-2762
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:14572-1
RHSA-2010:0681
RHSA-2010_0681

Produtos afetados

Firefox
Red Hat
Suse
Thunderbird