CVE-2010-3775

Publication date 9 December 2010

Last updated 24 July 2024

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
firefox	10.10 maverick	Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Not in release
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored
firefox-3.0	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	8.04 LTS hardy	Fixed 3.6.13+build3+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
firefox-3.5	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Fixed 3.6.13+build3+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
seamonkey	10.10 maverick	Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 2.0.11+build1+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 2.0.11+build1+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release
xulrunner-1.9.2	10.10 maverick	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1
	10.04 LTS lucid	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1
	9.10 karmic	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1
	8.04 LTS hardy	Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1
	6.06 LTS dapper	Not in release

CVE-2010-3775

Status

Notes

jdstrand

References

Related Ubuntu Security Notices (USN)

Other references