CVE-2010-3770 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13 and SeaMonkey before 2.0.11 allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic (2) x-mac-farsi or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/42716 http://secunia.com/advisories/42818 http://support.avaya.com/css/P8/documents/100124650 http://www.debian.org/security/2010/dsa-2132 http://www.mandriva.com/security/advisories?name=MDVSA-2010:251 http://www.mozilla.org/security/announce/2010/mfsa2010-84.html http://www.redhat.com/support/errata/RHSA-2010-0966.html http://www.securityfocus.com/bid/45353 http://www.securitytracker.com/id?1024851 http://www.ubuntu.com/usn/USN-1019-1 http://www.vupen.com/english/advisories/2011/0030 https://bugzilla.mozilla.org/show_bug.cgi?id=601429 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12348