Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2010-2768

Date: September 9, 2010

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.

Severity Score

Related Resources (18)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
https://bugzilla.mozilla.org/show_bug.cgi?id=579744
http://www.vupen.com/english/advisories/2010/2323
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://www.vupen.com/english/advisories/2011/0061
http://www.securityfocus.com/bid/43101
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2768
https://nvd.nist.gov/vuln/detail/CVE-2010-2768
https://access.redhat.com/security/cve/CVE-2010-2768
http://support.avaya.com/css/P8/documents/100112690
http://www.mozilla.org/security/announce/2010/mfsa2010-61.html
http://secunia.com/advisories/42867
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
http://support.avaya.com/css/P8/documents/100110210
http://www.debian.org/security/2010/dsa-2106
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11735
https://www.mend.io/vulnerability-database/CVE-2010-2768

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us