cvelistv5 - cve-2010-1585

CVE-2010-1585 (GCVE-0-2010-1585)

Vulnerability from cvelistv5

Published

2010-04-28 22:00

Modified

2024-08-07 01:28

Severity ?

CWE

Summary

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

References

URL

Tags

	http://downloads.avaya.com/css/P8/documents/100133195	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=562547	x_refsource_CONFIRM
	http://www.securityfocus.com/archive/1/510883/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:041	vendor-advisory, x_refsource_MANDRIVA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532	vdb-entry, signature, x_refsource_OVAL
	http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf	x_refsource_MISC
	http://www.mozilla.org/security/announce/2011/mfsa2011-08.html	x_refsource_CONFIRM
	http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:042	vendor-advisory, x_refsource_MANDRIVA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.795Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.avaya.com/css/P8/documents/100133195"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=562547"
          },
          {
            "name": "20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox \u0026 Exploiting Cross Context Scripting vulnerabilities in Firefox",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510883/100/0/threaded"
          },
          {
            "name": "MDVSA-2011:041",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
          },
          {
            "name": "oval:org.mitre.oval:def:12532",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-08.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/"
          },
          {
            "name": "MDVSA-2011:042",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:042"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.avaya.com/css/P8/documents/100133195"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=562547"
        },
        {
          "name": "20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox \u0026 Exploiting Cross Context Scripting vulnerabilities in Firefox",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510883/100/0/threaded"
        },
        {
          "name": "MDVSA-2011:041",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
        },
        {
          "name": "oval:org.mitre.oval:def:12532",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-08.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/"
        },
        {
          "name": "MDVSA-2011:042",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:042"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1585",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://downloads.avaya.com/css/P8/documents/100133195",
              "refsource": "CONFIRM",
              "url": "http://downloads.avaya.com/css/P8/documents/100133195"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=562547",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=562547"
            },
            {
              "name": "20100421 Security-Assessment.com WhitePaper/Addendum: Cross Context Scripting with Firefox \u0026 Exploiting Cross Context Scripting vulnerabilities in Firefox",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510883/100/0/threaded"
            },
            {
              "name": "MDVSA-2011:041",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:041"
            },
            {
              "name": "oval:org.mitre.oval:def:12532",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12532"
            },
            {
              "name": "http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf",
              "refsource": "MISC",
              "url": "http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-08.html",
              "refsource": "CONFIRM",
              "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-08.html"
            },
            {
              "name": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/",
              "refsource": "MISC",
              "url": "http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/"
            },
            {
              "name": "MDVSA-2011:042",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:042"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1585",
    "datePublished": "2010-04-28T22:00:00.000Z",
    "dateReserved": "2010-04-28T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:28:41.795Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2011-AVI-127

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Mozilla, dont plusieurs pourraient permettre l'execution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans les produits de la gamme Mozilla. Elles incluent notamment:

plusieurs problèmes de corruption de la mémoire qui pourraient permettre dans certaines conditions l'arrêt brutal du logiciel ou l'execution de code arbitraire ;
plusieurs problèmes de type dépassement de tampon dans le moteur JavaScript qui pourraient permettre l'execution de code arbitraire ;
un problème de type dépassement de tampon dans l'interprétation des images JPEG qui pourrait permettre l'execution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions antérieures aux logiciels suivants :

Firefox 3.6.14 ;
Firefox 3.5.17 ;
Thunderbird 3.1.8 ;
SeaMonkey 2.0.12.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité de la fondation Mozilla du 01 mars 2011	None	vendor-advisory
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-03 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-06 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-02 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-08 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-10 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-04 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-09 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-07 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-01 du 01 mars 2011 :	-	other
Bulletin de sécurité de la fondation Mozilla 2011/mfsa2011-05 du 01 mars 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions ant\u00e9rieures aux logiciels  suivants :  \u003cUL\u003e    \u003cLI\u003eFirefox 3.6.14 ;\u003c/LI\u003e    \u003cLI\u003eFirefox 3.5.17 ;\u003c/LI\u003e    \u003cLI\u003eThunderbird 3.1.8 ;\u003c/LI\u003e    \u003cLI\u003eSeaMonkey 2.0.12.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits de la\ngamme Mozilla. Elles incluent notamment:\n\n-   plusieurs probl\u00e8mes de corruption de la m\u00e9moire qui pourraient\n    permettre dans certaines conditions l\u0027arr\u00eat brutal du logiciel ou\n    l\u0027execution de code arbitraire ;\n-   plusieurs probl\u00e8mes de type d\u00e9passement de tampon dans le moteur\n    JavaScript qui pourraient permettre l\u0027execution de code arbitraire ;\n-   un probl\u00e8me de type d\u00e9passement de tampon dans l\u0027interpr\u00e9tation des\n    images JPEG qui pourrait permettre l\u0027execution de code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0062"
    },
    {
      "name": "CVE-2011-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0059"
    },
    {
      "name": "CVE-2011-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0051"
    },
    {
      "name": "CVE-2011-0057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0057"
    },
    {
      "name": "CVE-2010-1585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1585"
    },
    {
      "name": "CVE-2011-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0054"
    },
    {
      "name": "CVE-2011-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0058"
    },
    {
      "name": "CVE-2011-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0053"
    },
    {
      "name": "CVE-2011-0061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0061"
    },
    {
      "name": "CVE-2011-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0055"
    },
    {
      "name": "CVE-2011-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0056"
    }
  ],
  "initial_release_date": "2011-03-03T00:00:00",
  "last_revision_date": "2011-03-03T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-03 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-03.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-06 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-06.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-02 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-02.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-08 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-08.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-10 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-10.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-04 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-04.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-09 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-09.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-07 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-07.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-01 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-01.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2011/mfsa2011-05 du 01 mars 2011 :",
      "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-05.html"
    }
  ],
  "reference": "CERTA-2011-AVI-127",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-03-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Mozilla,\ndont plusieurs pourraient permettre l\u0027execution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 01 mars 2011",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-1585 (GCVE-0-2010-1585)

Vulnerability from cvelistv5

CERTA-2011-AVI-127

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature