Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-3774

The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
SECTRACK: 1024850
CONFIRM: http://support.avaya.c...
FEDORA: FEDORA-2010-18773
FEDORA: FEDORA-2010-18775
FEDORA: FEDORA-2010-18890
FEDORA: FEDORA-2010-18920
REDHAT: RHSA-2010:0966
UBUNTU: USN-1019-1
SECUNIA: 42716
MANDRIVA: MDVSA-2010:251
SUSE: SUSE-SA:2011:003
SECUNIA: 42818
VUPEN: ADV-2011-0030
OVAL: oval:org.mitre.oval:de...

Launchpad.net

CVE 2010-3774

Related bugs

References