VulnerableCode Vulnerability Details - VCID-sq7j-me19-fyey

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-sq7j-me19-fyey

Essentials
Severities (2)
References (10)
Severity details (1)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-sq7j-me19-fyey
Aliases	CVE-2010-3770
Summary	Security researchers Yosuke Hasegawa and Masatoshi Kimura reported that the x-mac-arabic, x-mac-farsi and x-mac-hebrew character encodings are vulnerable to XSS attacks due to some characters being converted to angle brackets when displayed by the rendering engine. Sites using these character encodings would thus be potentially vulnerable to script injection attacks if their script filtering code fails to strip out these specific characters.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

System	Score	Found at
epss	0.08052	https://api.first.org/data/v1/epss?cve=CVE-2010-3770
generic_textual	none	https://www.mozilla.org/en-US/security/advisories/mfsa2010-84

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-3770.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-3770
660439		https://bugzilla.redhat.com/show_bug.cgi?id=660439
CVE-2010-3770		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3770
CVE-2010-3770;OSVDB-69772	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35095.txt
CVE-2010-3770;OSVDB-69772	Exploit	https://www.securityfocus.com/bid/45353/info
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
mfsa2010-84		https://www.mozilla.org/en-US/security/advisories/mfsa2010-84
RHSA-2010:0966		https://access.redhat.com/errata/RHSA-2010:0966
USN-1019-1		https://usn.ubuntu.com/1019-1/

Data source	Exploit-DB
Date added	Dec. 9, 2010
Description	Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
Ransomware campaign use	Known
Source publication date	Dec. 9, 2010
Exploit type	remote
Platform	linux
Source update date	Oct. 28, 2014
Source URL	https://www.securityfocus.com/bid/45353/info

Exploit Prediction Scoring System (EPSS)

Percentile	0.92248
EPSS Score	0.08052
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:18.750950+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2010/mfsa2010-84.md	38.6.0