Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!Close

CVE-2010-0171

Published: 25 March 2010

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(end of life)
hardy Not vulnerable

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid
Released (3.6.3+nobinonly-0ubuntu2)
upstream
Released (3.6.2)
seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
intrepid Ignored
(end of life, was needed)
jaunty
Released (2.0.8+build1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (2.0.8+build1+nobinonly-0ubuntu0.9.10.1)
lucid
Released (2.0.8+build1+nobinonly-0ubuntu0.10.04.1)
upstream
Released (2.0.3)
thunderbird
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid
Released (3.0.4+nobinonly-0ubuntu1)
upstream
Released (3.0.2)
xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.0.19+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.19+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.9.0.19+nobinonly-0ubuntu0.9.04.1)
karmic Does not exist

lucid Does not exist

upstream
Released (1.9.0.19)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1.9+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.9.1.9+nobinonly-0ubuntu0.9.10.1)
lucid Does not exist

upstream
Released (1.9.1.9)