The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors | Products |
---|---|
Mozilla |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-04-28T22:00:00
Updated: 2018-10-10T18:57:01
Reserved: 2010-04-28T00:00:00
Link: CVE-2010-1585
JSON object: View
NVD Information
Status : Modified
Published: 2010-04-28T22:30:00.887
Modified: 2018-10-10T19:57:33.013
Link: CVE-2010-1585
JSON object: View
Redhat Information
No data.
CWE