You are here

CVE-2010-3770

Vincent (CVE) Danen's picture
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

Details Source

Mitre

Public Date

2010-12-09 00:00:00

Impact

Moderate

Bugzilla

CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)

Bugzilla ID

660 439

CVSS Status

verified

Base Score

5.10

Base Metrics

AV:N/AC:H/Au:N/C:P/I:P/A:P

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (firefox) RHSA-2010:0966 2010-12-09
Red Hat Enterprise Linux 4 (firefox) RHSA-2010:0966 2010-12-09
Red Hat Enterprise Linux 6 (firefox) RHSA-2010:0966 2010-12-09

CWE

CWE-79

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 6 xulrunner 1.9.2.13-3.el6_0 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.2.13-3.el5 Fixed
Red Hat Enterprise Linux Server EUS (v. 6.0) firefox Affected