CVE-2010-3771

Publication date 9 December 2010

Last updated 24 July 2024

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	10.10 maverick	Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Not in release
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored
firefox-3.0	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Fixed 3.6.13+build3+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
firefox-3.5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Fixed 3.6.13+build3+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
seamonkey	10.10 maverick	Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 2.0.11+build1+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 2.0.11+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
xulrunner-1.9.2	10.10 maverick	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release

CVE-2010-3771

Status

Notes

jdstrand

References

Related Ubuntu Security Notices (USN)

Other references