CVE-2010-0182 Information

Description

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2 Thunderbird before 3.0.4 and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents which allows attackers to bypass intended access restrictions via crafted content.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39397 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-921-1 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-24.html http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securityfocus.com/bid/39479 http://www.vupen.com/english/advisories/2010/0748 http://www.vupen.com/english/advisories/2010/0849 http://www.vupen.com/english/advisories/2010/1557 https://bugzilla.mozilla.org/show_bug.cgi?id=490790 https://exchange.xforce.ibmcloud.com/vulnerabilities/57396 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7618 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9375