CVE-2010-0182 (retired)

Priority
Description
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x
before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not
perform the expected nsIContentPolicy checks during loading of content by
XML documents, which allows attackers to bypass intended access
restrictions via crafted content.
Notes
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
  mapping of xulrunner sources to firefox is:
  xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
  xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
  xulrunner-1.9: firefox-3.0
  xulrunner-1.9.1: firefox-3.5
 jdstrand: Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
  the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Assigned-to
chrisccoulson
Package
Upstream:released (3.6.3)
Package
Upstream:released (2.0.4)
Package
Priority: Negligible
Upstream:released (3.0.4)
Package
Upstream:needs-triage
Package
Upstream:released (1.9.0.19)
Package
Upstream:released (1.9.1.9)
More Information

Updated: 2019-03-26 11:50:23 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)