PT-2010-1992 · Mozilla+1 · Firefox+2
Published
2010-03-30
·
Updated
2024-12-12
·
CVE-2010-0178
CVSS v2.0
7.6
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions prior to 3.0.19
Mozilla Firefox versions 3.5.x prior to 3.5.9
Mozilla Firefox versions 3.6.x prior to 3.6.2
SeaMonkey versions prior to 2.0.4
Description
The issue allows remote attackers to execute arbitrary JavaScript with Chrome privileges. This is achieved by loading a chrome: URL and then a javascript: URL, which interprets mouse clicks as drag-and-drop actions due to insufficient prevention in applets.
Recommendations
For Mozilla Firefox versions prior to 3.0.19, update to version 3.0.19 or later.
For Mozilla Firefox versions 3.5.x prior to 3.5.9, update to version 3.5.9 or later.
For Mozilla Firefox versions 3.6.x prior to 3.6.2, update to version 3.6.2 or later.
For SeaMonkey versions prior to 2.0.4, update to version 2.0.4 or later.
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox
Red Hat
Seamonkey