6.8

CVE-2010-2762

EPSS 1.74%
Published 09.09.2010 19:00:02
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

Affected products Warnungen 0 Metrics 2 CWE 0 References 15

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.6

Mozilla ≫ Firefox Version3.6.2

Mozilla ≫ Firefox Version3.6.3

Mozilla ≫ Firefox Version3.6.4

Mozilla ≫ Firefox Version3.6.6

Mozilla ≫ Firefox Version3.6.7

Mozilla ≫ Firefox Version3.6.8

Mozilla ≫ Thunderbird Version3.1

Mozilla ≫ Thunderbird Version3.1.1

Mozilla ≫ Thunderbird Version3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.74%	0.808

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

http://www.vupen.com/english/advisories/2010/2323

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://secunia.com/advisories/42867

http://support.avaya.com/css/P8/documents/100112690

http://www.mandriva.com/security/advisories?name=MDVSA-2010:173

http://www.vupen.com/english/advisories/2011/0061

http://www.mozilla.org/security/announce/2010/mfsa2010-59.html

Vendor Advisory

http://www.securityfocus.com/bid/43092

https://bugzilla.mozilla.org/show_bug.cgi?id=584180

https://exchange.xforce.ibmcloud.com/vulnerabilities/61656

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492

https://nvd.nist.gov/vuln/detail/CVE-2010-2762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2762

EUVD