CVE-2010-3178 Information

Description

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11 Thunderbird before 3.0.9 and 3.1.x before 3.1.5 and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:211 http://www.mozilla.org/security/announce/2010/mfsa2010-69.html http://www.redhat.com/support/errata/RHSA-2010-0782.html http://www.redhat.com/support/errata/RHSA-2010-0861.html http://www.redhat.com/support/errata/RHSA-2010-0896.html http://www.securityfocus.com/bid/44252 http://www.ubuntu.com/usn/USN-997-1 http://www.ubuntu.com/usn/USN-998-1 http://www.vupen.com/english/advisories/2011/0061 https://bugzilla.mozilla.org/show_bug.cgi?id=576616 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12120