CVE-2010-1585

Priority
Description
The nsIScriptableUnescapeHTML.parseFragment method in the
ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17
and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before
2.0.12 does not properly sanitize HTML in a chrome document, which makes it
easier for remote attackers to execute arbitrary JavaScript with chrome
privileges via a javascript: URI in input to an extension, as demonstrated
by a javascript:alert sequence in (1) the HREF attribute of an A element or
(2) the ACTION attribute of a FORM element.
Notes
jdstrandCVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.
Package
Upstream:released (3.6.14)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:released (2.0.12)
Package
Upstream:released (3.1.8)
Package
Upstream:released (1.9.2.14)
More Information

Updated: 2020-09-10 01:35:37 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)