CVE-2010-0170

Publication date 25 March 2010

Last updated 24 July 2024

Ubuntu priority

Description

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
https://www.cve.org/CVERecord?id=CVE-2010-0170