CVE-2010-3177 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11 and SeaMonkey before 2.0.9 allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mozilla.org/security/announce/2010/mfsa2010-68.html http://www.redhat.com/support/errata/RHSA-2010-0781.html http://www.redhat.com/support/errata/RHSA-2010-0782.html http://www.redhat.com/support/errata/RHSA-2010-0861.html http://www.ubuntu.com/usn/USN-997-1 http://www.vupen.com/english/advisories/2011/0061 https://bugzilla.mozilla.org/show_bug.cgi?id=556734 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12202