National Cyber Awareness System

Vulnerability Summary for CVE-2010-0162

Overview

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: CONFIRM

Name: https://bugzilla.mozilla.org/show_bug.cgi?id=455472

Hyperlink:https://bugzilla.mozilla.org/show_bug.cgi?id=455472

External Source: XF

Name: mozilla-svg-xss(56363)

Hyperlink:http://xforce.iss.net/xforce/xfdb/56363

External Source: VUPEN

Name: ADV-2010-0405

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/0405

External Source: UBUNTU

Name: USN-896-1

Hyperlink:http://www.ubuntu.com/usn/USN-896-1

External Source: UBUNTU

Name: USN-895-1

Hyperlink:http://www.ubuntu.com/usn/USN-895-1

External Source: REDHAT

Name: RHSA-2010:0112

Hyperlink:http://www.redhat.com/support/errata/RHSA-2010-0112.html

External Source: CONFIRM

Name: http://www.mozilla.org/security/announce/2010/mfsa2010-05.html

Type: Advisory

Hyperlink:http://www.mozilla.org/security/announce/2010/mfsa2010-05.html

External Source: MANDRIVA

Name: MDVSA-2010:042

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:042

External Source: DEBIAN

Name: DSA-1999

Hyperlink:http://www.debian.org/security/2010/dsa-1999

External Source: SECUNIA

Name: 38847

Hyperlink:http://secunia.com/advisories/38847

External Source: SECUNIA

Name: 37242

Type: Advisory

Hyperlink:http://secunia.com/advisories/37242

External Source: OVAL

Name: oval:org.mitre.oval:def:8631

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8631

External Source: OVAL

Name: oval:org.mitre.oval:def:10697

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10697

External Source: SUSE

Name: SUSE-SA:2010:015

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

External Source: FEDORA

Name: FEDORA-2010-1727

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html

External Source: FEDORA

Name: FEDORA-2010-1936

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html

External Source: FEDORA

Name: FEDORA-2010-1932

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html

References to Check Content

Identifier:oval:org.mitre.oval:def:8631

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:8631

Identifier:oval:org.mitre.oval:def:10697

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10697