CVE-2010-0171

Advisory lineage Upstream: 0 Downstream: 7

Downstream

DSA-1999-1 OPENSUSE-SU-2024:10071-1 OPENSUSE-SU-2024:14572-1 RHSA-2010:0112 RHSA-2010:0113 RHSA-2010:0153

Modified

Published: 25 Mar 2010, 20:31

Last modified:07 Aug 2024, 00:37

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

0.52% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

25 Mar 2010, 20:31

Published

Vulnerability first disclosed

07 Aug 2024, 00:37

Last Modified

Vulnerability information updated

Description

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.52%• Percentile: 67%

Techniques & Countermeasures

CWE-79•Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Affected Systems

mozilla•firefox
3.0 | 3.0.1 | 3.0.10 | 3.0.11 | 3.0.12 | 3.0.13 | 3.0.14 | 3.0.15 | 3.0.16 | 3.0.17 | 3.5 | 3.5.1 | 3.5.2 | 3.5.3 | 3.5.4 | 3.5.5 | 3.5.6 | 3.5.7 | 3.6
mozilla•seamonkey
≤ 2.0.2 | 1.1 | 1.1:alpha | 1.1:beta | 1.1.1 | 1.1.2 | 1.1.3 | 1.1.4 | 1.1.5 | 1.1.5:1.1.10 | 1.1.6 | 1.1.7 | 1.1.8 | 1.1.9 | 1.1.10 | 1.1.11 | 1.1.12 | 1.1.13 | 1.1.14 | 1.1.15 | 1.1.16 | 1.1.17 | 1.1.18 | 1.1.19 | 2.0 | 2.0:alpha_1 | 2.0:alpha_2 | 2.0:alpha_3 | 2.0:beta_1 | 2.0:beta_2 | 2.0:rc1 | 2.0:rc2 | 2.0.1
mozilla•thunderbird
≤ 3.0.1 | 1.5 | 1.5:beta2 | 1.5.0.1 | 1.5.0.2 | 1.5.0.3 | 1.5.0.4 | 1.5.0.5 | 1.5.0.6 | 1.5.0.7 | 1.5.0.8 | 1.5.0.9 | 1.5.0.10 | 1.5.0.11 | 1.5.0.12 | 1.5.0.13 | 1.5.0.14 | 1.5.1 | 1.5.2 | 2.0.0.0 | 2.0.0.3 | 2.0.0.4 | 2.0.0.5 | 2.0.0.6 | 2.0.0.7 | 2.0.0.8 | 2.0.0.9 | 2.0.0.12 | 2.0.0.14 | 2.0.0.16 | 2.0.0.17 | 2.0.0.18 | 2.0.0.19