CVE

Id
42752  
CVE No.
CVE-2010-0168  
Status
Candidate  
Description
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image"s URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser"s add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.  
Phase
Assigned (20100106)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
465928 42752 CVE-2010-0168 CONFIRM:http://www.mozilla.org/security/announce/2010/mfsa2010-13.html  View
465929 42752 CVE-2010-0168 CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=540642  View
465930 42752 CVE-2010-0168 MANDRIVA:MDVSA-2010:070  View
465931 42752 CVE-2010-0168 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:070  View
465932 42752 CVE-2010-0168 BID:38918  View
465933 42752 CVE-2010-0168 URL:http://www.securityfocus.com/bid/38918  View
465934 42752 CVE-2010-0168 OVAL:oval:org.mitre.oval:def:8711  View
465935 42752 CVE-2010-0168 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8711  View
465936 42752 CVE-2010-0168 VUPEN:ADV-2010-0692  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
35432 JVNDB-2010-001212 Mozilla Firefox の非同期認証プロンプト実装における信頼できる認証ダイアログになりすまされる脆弱性 Mozilla Firefox の 非同期認証プロンプト実装における toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js には、複数のウェブサイトからの認証要求を並列で処理する場合に不備があるため、信頼できる認証ダイアログになりすまされる脆弱性が存在します。 CVE-2010-0172 42752 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001212.html  View