4.3

CVE-2010-1207

EPSS 0.26%
Published 30.07.2010 20:30:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.

Affected products Warnungen 0 Metrics 2 CWE 0 References 6

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version <= 3.6.6

Mozilla ≫ Firefox Version3.6

Mozilla ≫ Firefox Version3.6.2

Mozilla ≫ Firefox Version3.6.3

Mozilla ≫ Firefox Version3.6.4

Mozilla ≫ Thunderbird Version <= 3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.466

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://www.mozilla.org/security/announce/2010/mfsa2010-43.html

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=571287

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11887

https://nvd.nist.gov/vuln/detail/CVE-2010-1207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-1207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-1207

EUVD