CVE-2010-2762

{"id": "CVE-2010-2762", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-09T19:00:02.267", "references": [{"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42867", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/css/P8/documents/100112690", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173", "source": "cve@mitre.org"}, {"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/43092", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2323", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0061", "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492", "source": "cve@mitre.org"}, {"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/42867", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/css/P8/documents/100112690", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/43092", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2323", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2011/0061", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."}, {"lang": "es", "value": "La clase XPCSafeJSObjectWrapper en la implementaci\u00f3n SafeJSObjectWrapper (tambi\u00e9n conocido como SJOW) en Mozilla Firefox 3.6.x anterior a v3.6.9 y Thunderbird v3.1.x anterior a v3.1.3 no restringe apropiadamente los objetos al final de las cadenas de \u00e1mbito de aplicaci\u00f3n, permitiendo a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario con privilegios de chrome a trav\u00e9s de vectores relacionados con un objeto privilegiado de chrome y una cadena que termina en un objeto externo."}], "lastModified": "2024-11-21T01:17:20.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3782354-7EB7-49D2-B240-1871F6CB84C7"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D47263-03AD-4060-91E3-90F997B3D174"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD775DF-277E-4D5B-B980-B8E6E782467D"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8587BFD-417D-42BE-A5F8-22FDC68FA9E6"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7364FAB-EEE9-4064-A8AD-6547239F9AB3"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C50485F-BC7B-4B70-A47B-1712E2DBAC5A"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EE386B-0833-484E-A2AB-86B4470D4D45"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FC2EFB-CE85-4A65-A7B4-A0779F11B5BA"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B9EA91-A461-42CE-9ED7-3805BD13A4B6"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C48E432-8945-4918-B2A4-AD2E05A51633"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}