CVE-2010-0162

Priority
Description
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey
before 2.0.3, does not properly support the application/octet-stream
content type as a protection mechanism against execution of web script in
certain circumstances involving SVG and the EMBED element, which allows
remote attackers to bypass the Same Origin Policy and conduct cross-site
scripting (XSS) attacks via an embedded SVG document.
Assigned-to
asac
Notes
Package
Upstream:released (3.6)
Package
Priority: Negligible
Upstream:needs-triage
Package
Upstream:released (2.0.3)
Package
Priority: Negligible
Upstream:released (3.0.2)
Package
Upstream:released (1.9.0.18)
Package
Upstream:released (1.9.1.8)
More Information

Updated: 2020-09-10 01:34:13 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)