Launchpad.net

CVE 2010-0179

Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.

Related bugs and status

CVE-2010-0179 (Candidate) is related to these bugs:

Bug #575160: seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics

		In	Importance	Status
575160	seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics	seamonkey (Ubuntu)	High	Fix Released
575160	seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics	seamonkey (Ubuntu Lucid)	High	Fix Released
575160	seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics	seamonkey (Ubuntu Maverick)	High	Fix Released
575160	seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics	seamonkey (openSUSE)	Medium	Fix Released
575160	seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics	seamonkey (Ubuntu Karmic)	High	Fix Released
575160	seamonkey 2.0 crashes with 'RenderBadPicture' diagnostics	seamonkey (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
REDHAT: RHSA-2010:0332
SECTRACK: 1023783
SECUNIA: 3924
SECUNIA: 39243
VUPEN: ADV-2010-0748
VUPEN: ADV-2010-0764
DEBIAN: DSA-2027
SECUNIA: 39308
VUPEN: ADV-2010-0781
MANDRIVA: MDVSA-2010:070
UBUNTU: USN-921-1
SECUNIA: 39397
VUPEN: ADV-2010-0849
SUSE: SUSE-SR:2010:013
BID: 39124
CONFIRM: http://support.avaya.c...
MANDRIVA: MDVSA-2010:251
SUSE: SUSE-SA:2011:003
SECUNIA: 42818
VUPEN: ADV-2011-0030
XF: firefox-firebug-code-e...
OVAL: oval:org.mitre.oval:de...
OVAL: oval:org.mitre.oval:de...