CVE-2010-1585 Information

Feb 14, 2021 cve

Description

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14 Thunderbird before 3.1.8 and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

Reference

http://downloads.avaya.com/css/P8/documents/100133195 http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment/ http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-08.html http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf http://www.securityfocus.com/archive/1/510883/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=562547 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12532

Share on: