{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180"}, {"name": "SUSE-SA:2010:049", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100112690"}, {"name": "42867", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42867"}, {"name": "ADV-2011-0061", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html"}, {"name": "MDVSA-2010:173", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"}, {"name": "ADV-2010-2323", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2323"}, {"name": "firefox-sjow-code-exec(61656)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656"}, {"name": "43092", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43092"}, {"name": "oval:org.mitre.oval:def:11492", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2762", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180"}, {"name": "SUSE-SA:2010:049", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"}, {"name": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox", "refsource": "CONFIRM", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"name": "http://support.avaya.com/css/P8/documents/100112690", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100112690"}, {"name": "42867", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42867"}, {"name": "ADV-2011-0061", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html", "refsource": "CONFIRM", "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html"}, {"name": "MDVSA-2010:173", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"}, {"name": "ADV-2010-2323", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2323"}, {"name": "firefox-sjow-code-exec(61656)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656"}, {"name": "43092", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43092"}, {"name": "oval:org.mitre.oval:def:11492", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:48.049Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180"}, {"name": "SUSE-SA:2010:049", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100112690"}, {"name": "42867", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42867"}, {"name": "ADV-2011-0061", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html"}, {"name": "MDVSA-2010:173", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"}, {"name": "ADV-2010-2323", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2323"}, {"name": "firefox-sjow-code-exec(61656)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656"}, {"name": "43092", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43092"}, {"name": "oval:org.mitre.oval:def:11492", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2762", "datePublished": "2010-09-09T18:00:00", "dateReserved": "2010-07-14T00:00:00", "dateUpdated": "2024-08-07T02:46:48.049Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "F3782354-7EB7-49D2-B240-1871F6CB84C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "30D47263-03AD-4060-91E3-90F997B3D174", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "AFD775DF-277E-4D5B-B980-B8E6E782467D", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C8587BFD-417D-42BE-A5F8-22FDC68FA9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "D7364FAB-EEE9-4064-A8AD-6547239F9AB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "4C50485F-BC7B-4B70-A47B-1712E2DBAC5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "51EE386B-0833-484E-A2AB-86B4470D4D45", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "58FC2EFB-CE85-4A65-A7B4-A0779F11B5BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "27B9EA91-A461-42CE-9ED7-3805BD13A4B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C48E432-8945-4918-B2A4-AD2E05A51633", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."}, {"lang": "es", "value": "La clase XPCSafeJSObjectWrapper en la implementaci\u00f3n SafeJSObjectWrapper (tambi\u00e9n conocido como SJOW) en Mozilla Firefox 3.6.x anterior a v3.6.9 y Thunderbird v3.1.x anterior a v3.1.3 no restringe apropiadamente los objetos al final de las cadenas de \u00e1mbito de aplicaci\u00f3n, permitiendo a atacantes remotos ejecutar c\u00f3digo JavaScript arbitrario con privilegios de chrome a trav\u00e9s de vectores relacionados con un objeto privilegiado de chrome y una cadena que termina en un objeto externo."}], "id": "CVE-2010-2762", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-09-09T19:00:02.267", "references": [{"source": "cve@mitre.org", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/42867"}, {"source": "cve@mitre.org", "url": "http://support.avaya.com/css/P8/documents/100112690"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/43092"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/2323"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"source": "cve@mitre.org", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42867"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/css/P8/documents/100112690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:173"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-59.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/43092"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2323"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0061"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=584180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "firefox-0:3.6.9-1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-09-08T00:00:00Z"}, {"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "nspr-0:4.8.6-1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-09-08T00:00:00Z"}, {"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "nss-0:3.12.7-1.el4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-09-08T00:00:00Z"}, {"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "firefox-0:3.6.9-2.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-09-08T00:00:00Z"}, {"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nspr-0:4.8.6-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-09-08T00:00:00Z"}, {"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "nss-0:3.12.7-2.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-09-08T00:00:00Z"}, {"advisory": "RHSA-2010:0681", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "xulrunner-0:1.9.2.9-1.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-09-08T00:00:00Z"}], "bugzilla": {"description": "Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59)", "id": "630071", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=630071"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object."], "name": "CVE-2010-2762", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-09-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-2762\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2762"], "threat_severity": "Critical"}

{}