6.8

CVE-2010-2762

EPSS 1.74%
Veröffentlicht 09.09.2010 19:00:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version3.6

Mozilla ≫ Firefox Version3.6.2

Mozilla ≫ Firefox Version3.6.3

Mozilla ≫ Firefox Version3.6.4

Mozilla ≫ Firefox Version3.6.6

Mozilla ≫ Firefox Version3.6.7

Mozilla ≫ Firefox Version3.6.8

Mozilla ≫ Thunderbird Version3.1

Mozilla ≫ Thunderbird Version3.1.1

Mozilla ≫ Thunderbird Version3.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.74%	0.808

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

http://www.vupen.com/english/advisories/2010/2323

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

http://secunia.com/advisories/42867

http://support.avaya.com/css/P8/documents/100112690

http://www.mandriva.com/security/advisories?name=MDVSA-2010:173

http://www.vupen.com/english/advisories/2011/0061

http://www.mozilla.org/security/announce/2010/mfsa2010-59.html

Vendor Advisory

http://www.securityfocus.com/bid/43092

https://bugzilla.mozilla.org/show_bug.cgi?id=584180

https://exchange.xforce.ibmcloud.com/vulnerabilities/61656

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492

https://nvd.nist.gov/vuln/detail/CVE-2010-2762

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2762

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2762

EUVD