| Vulnerability ID | VCID-76s6-dzts-b7b6 |
| Aliases | CVE-2010-2751 |
| Summary | Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be misled as to the correct location of the document they are currently viewing. Security researcher Jordi Chancel reported that the location bar could be spoofed to look like a secure page when the current document was served via plaintext. The vulnerability is triggered by a server first redirecting a request for a plaintext resource to another resource behind a valid SSL/TLS certificate. A second request to the original plaintext resource, answered not with a redirect but with JavaScript containing history.back() and history.forward(), will result in the plaintext resource being displayed with valid SSL/TLS badging in the location bar. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.00361 | https://api.first.org/data/v1/epss?cve=CVE-2010-2751 |
| generic_textual | none | https://www.mozilla.org/en-US/security/advisories/mfsa2010-45 |
| Reference id | Reference type | URL |
|---|---|---|
| | | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2751.json |
| | | https://api.first.org/data/v1/epss?cve=CVE-2010-2751 |
| 615480 | | https://bugzilla.redhat.com/show_bug.cgi?id=615480 |
| CVE-2010-2751 | | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2751 |
| GLSA-201301-01 | | https://security.gentoo.org/glsa/201301-01 |
| mfsa2010-45 | | https://www.mozilla.org/en-US/security/advisories/mfsa2010-45 |
| RHSA-2010:0546 | | https://access.redhat.com/errata/RHSA-2010:0546 |
| RHSA-2010:0547 | | https://access.redhat.com/errata/RHSA-2010:0547 |
| USN-930-4 | | https://usn.ubuntu.com/930-4/ |
| USN-957-1 | | https://usn.ubuntu.com/957-1/ |
| Percentile | 0.58482 |
| EPSS Score | 0.00361 |
| Published At | May 29, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-29T08:27:17.821246+00:00 | Mozilla Importer | Import | https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2010/mfsa2010-45.md | 38.6.0 |