CVE-2010-3770
Published: 9 December 2010
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
Notes
Author | Note |
---|---|
jdstrand | Ubuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8. |
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
karmic |
Does not exist
|
|
lucid |
Released
(3.6.13+build3+nobinonly-0ubuntu0.10.04.1)
|
|
maverick |
Released
(3.6.13+build3+nobinonly-0ubuntu0.10.10.1)
|
|
upstream |
Released
(3.6.13)
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(3.6.13+build3+nobinonly-0ubuntu0.8.04.1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Needs triage
(Ubuntu source uses 3.6.x)
|
|
firefox-3.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(3.6.13+build3+nobinonly-0ubuntu0.9.10.1)
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Needs triage
(Ubuntu source uses 3.6.x)
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(2.0.11+build1+nobinonly-0ubuntu0.8.04.1)
|
|
karmic |
Released
(2.0.11+build1+nobinonly-0ubuntu0.9.10.1)
|
|
lucid |
Released
(2.0.11+build1+nobinonly-0ubuntu0.10.04.1)
|
|
maverick |
Released
(2.0.11+build1+nobinonly-0ubuntu0.10.10.1)
|
|
upstream |
Released
(2.0.11)
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1)
|
|
karmic |
Released
(1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1)
|
|
lucid |
Released
(1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1)
|
|
maverick |
Released
(1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1)
|
|
upstream |
Needs triage
|