NVD

Id
12746  
Name
CVE-2010-1213  
Description
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-18  
Published
2010-07-30  
Modified Date
2010-08-21  
Seq
2010-1213  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
70279 12746 CVE-2010-1213 oval:org.mitre.oval:def:11835  View
70280 12746 CVE-2010-1213 http://www.mozilla.org/security/announce/2010/mfsa2010-42.html  View
70281 12746 CVE-2010-1213 https://bugzilla.mozilla.org/show_bug.cgi?id=568148  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
36042 JVNDB-2010-001822 複数の Mozilla 製品の Web Worker の importScripts メソッドにおける重要な情報を取得される脆弱性 複数の Mozilla 製品の Web Worker の importScripts メソッドには、コンテンツが有効な JavaScript コードを検証しないため、同一生成元ポリシーを回避される、または重要な情報を取得される脆弱性が存在します。 CVE-2010-1213 43793 CVE-2010-1213 12746 4.3 http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-001822.html 2010-07-20 2011-01-06 View