Candidate: CVE-2010-0168
PublicDate: 2010-03-25 21:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0168
 http://www.mozilla.org/security/announce/2010/mfsa2010-13.html
Description:
 The nsDocument::MaybePreLoadImage function in
 content/base/src/nsDocument.cpp in the image-preloading implementation in
 Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and
 policy restrictions to the image's URL, which might allow remote attackers
 to cause a denial of service (application crash or hang) or hijack the
 functionality of the browser's add-ons via a crafted SRC attribute of an
 IMG element, as demonstrated by remote command execution through an ssh:
 URL in a configuration that supports gnome-vfs with a nonstandard
 network.gnomevfs.supported-protocols setting.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=540642
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_firefox:
upstream_firefox: released (3.6.2)
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: not-affected
intrepid_firefox: DNE
jaunty_firefox: DNE
karmic_firefox: DNE
devel_firefox: released (3.6.3+nobinonly-0ubuntu2)