CVE-2010-3770

Publication date 9 December 2010

Last updated 24 July 2024

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	10.10 maverick	Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Not in release
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life
firefox-3.0	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Fixed 3.6.13+build3+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
firefox-3.5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Fixed 3.6.13+build3+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
seamonkey	10.10 maverick	Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 2.0.11+build1+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 2.0.11+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
xulrunner-1.9.2	10.10 maverick	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release

CVE-2010-3770

Status

Notes

jdstrand

References

Related Ubuntu Security Notices (USN)

Other references