Revision Date: | 2013-04-29 | Version: | 12 | Title: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | Description: | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | Family: | unix | Class: | vulnerability | Status: | ACCEPTED | Reference(s): | CVE-2010-0162
| Platform(s): | CentOS Linux 4 CentOS Linux 5 Oracle Linux 4 Oracle Linux 5 Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5
| Product(s): | | Definition Synopsis | OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4
OR CentOS Linux 4.x
OR Oracle Linux 4.x
AND firefox is earlier than 0:3.0.18-1.el4
OR OS Section: RHEL5, CentOS5, Oracle Linux 5
RHEL5, CentOS5 or Oracle Linux 5
The operating system installed on the system is Red Hat Enterprise Linux 5
OR The operating system installed on the system is CentOS Linux 5.x
OR Oracle Linux 5.x
AND Configuration section
xulrunner-devel-unstable is earlier than 0:1.9.0.18-1.el5_4
OR xulrunner-devel is earlier than 0:1.9.0.18-1.el5_4
OR firefox is earlier than 0:3.0.18-1.el5_4
OR xulrunner is earlier than 0:1.9.0.18-1.el5_4
|
|