Detections
Analytics
CVE-2010-3178
medium
Description
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12120
https://bugzilla.mozilla.org/show_bug.cgi?id=576616
http://www.vupen.com/english/advisories/2011/0061
http://www.ubuntu.com/usn/USN-998-1
http://www.ubuntu.com/usn/USN-997-1
http://www.securityfocus.com/bid/44252
http://www.redhat.com/support/errata/RHSA-2010-0896.html
http://www.redhat.com/support/errata/RHSA-2010-0861.html
http://www.redhat.com/support/errata/RHSA-2010-0782.html
http://www.mozilla.org/security/announce/2010/mfsa2010-69.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:211
http://www.mandriva.com/security/advisories?name=MDVSA-2010:210
http://www.debian.org/security/2010/dsa-2124
http://support.avaya.com/css/P8/documents/100120156
http://secunia.com/advisories/42867
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox