|Bugzilla:||566052: CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)|
The MITRE CVE dictionary describes this issue as:
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|Red Hat Enterprise Linux version 4 (firefox)||RHSA-2010:0112||February 17, 2010|
|Red Hat Enterprise Linux version 5 (firefox)||RHSA-2010:0112||February 17, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.