Search for vulnerabilities
Vulnerability details: VCID-szyd-qmg2-aaar
Vulnerability ID VCID-szyd-qmg2-aaar
Aliases CVE-2010-0170
Summary Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00274 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00499 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
epss 0.00724 https://api.first.org/data/v1/epss?cve=CVE-2010-0170
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2010-0170
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2010-10
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2010-0170
https://bugzilla.mozilla.org/show_bug.cgi?id=541530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8602
http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
http://www.mozilla.org/security/announce/2010/mfsa2010-10.html
http://www.securityfocus.com/bid/38918
http://www.securityfocus.com/bid/38919
http://www.vupen.com/english/advisories/2010/0692
cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
CVE-2010-0170 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0170
CVE-2010-0170 https://nvd.nist.gov/vuln/detail/CVE-2010-0170
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2010-10 https://www.mozilla.org/en-US/security/advisories/mfsa2010-10
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0170
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.68595
EPSS Score 0.00274
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.