CVE-2010-2762

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
http://secunia.com/advisories/42867
http://support.avaya.com/css/P8/documents/100112690
http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
http://www.mozilla.org/security/announce/2010/mfsa2010-59.html	Vendor Advisory
http://www.securityfocus.com/bid/43092
http://www.vupen.com/english/advisories/2010/2323
http://www.vupen.com/english/advisories/2011/0061
https://bugzilla.mozilla.org/show_bug.cgi?id=584180
https://exchange.xforce.ibmcloud.com/vulnerabilities/61656
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox:3.6:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.3:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.4:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.6:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.7:::::::*
	cpe:2.3:a:mozilla:firefox:3.6.8:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:mozilla:thunderbird:3.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:3.1.1:::::::*
	cpe:2.3:a:mozilla:thunderbird:3.1.2:::::::*

History

No history.

Information

Published : 2010-09-09 19:00

Updated : 2024-02-28 11:41

NVD link : CVE-2010-2762

Mitre link : CVE-2010-2762

CVE.ORG link : CVE-2010-2762

JSON object : View

Products Affected

mozilla

firefox
thunderbird

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2010-2762", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-09T19:00:02.267", "references": [{"url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/42867", "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/css/P8/documents/100112690", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173", "source": "cve@mitre.org"}, {"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/43092", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2323", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2011/0061", "source": "cve@mitre.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656", "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."}, {"lang": "es", "value": "La clase XPCSafeJSObjectWrapper en la implementaci\u00f3n SafeJSObjectWrapper (tambi\u00e9n conocido como SJOW) en Mozilla Firefox 3.6.x anterior a v3.6.9 y Thunderbird v3.1.x anterior a v3.1.3 no restringe apropiadamente los objetos al final de las cadenas de \u00e1mbito de aplicaci\u00f3n, permitiendo a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario con privilegios de chrome a trav\u00e9s de vectores relacionados con un objeto privilegiado de chrome y una cadena que termina en un objeto externo."}], "lastModified": "2017-09-19T01:31:07.127", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3782354-7EB7-49D2-B240-1871F6CB84C7"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30D47263-03AD-4060-91E3-90F997B3D174"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD775DF-277E-4D5B-B980-B8E6E782467D"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8587BFD-417D-42BE-A5F8-22FDC68FA9E6"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7364FAB-EEE9-4064-A8AD-6547239F9AB3"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C50485F-BC7B-4B70-A47B-1712E2DBAC5A"}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EE386B-0833-484E-A2AB-86B4470D4D45"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FC2EFB-CE85-4A65-A7B4-A0779F11B5BA"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27B9EA91-A461-42CE-9ED7-3805BD13A4B6"}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C48E432-8945-4918-B2A4-AD2E05A51633"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}