[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-3177Date: (C)2010-10-21   (M)2024-03-27


Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-42867
ADV-2011-0061
DSA-2124
FEDORA-2010-16885
FEDORA-2010-16897
MDVSA-2010:210
RHSA-2010:0781
RHSA-2010:0782
RHSA-2010:0861
USN-997-1
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://support.avaya.com/css/P8/documents/100114250
http://support.avaya.com/css/P8/documents/100120156
http://www.mozilla.org/security/announce/2010/mfsa2010-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=556734
oval:org.mitre.oval:def:12202

CPE    148
cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.8
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:3.5.5
...
CWE    1
CWE-79
OVAL    36
oval:org.secpod.oval:def:200095
oval:org.secpod.oval:def:100009
oval:org.secpod.oval:def:101056
oval:org.secpod.oval:def:100520
...

© SecPod Technologies