CVE-2010-2769

Priority
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12
and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3,
and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject
arbitrary web script or HTML via a selection that is added to a document in
which the designMode property is enabled.
Notes
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages for
  builds that use the system xulrunner, and firefox source packages for those
  that use a static build
  xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS (system xul)
  xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS (system xul)
  xulrunner-1.9: (ignored) reverse dependencies no longer process web content
  xulrunner-1.9.1: (ignored) reverese dependencies no longer process web content
  xulrunner-1.9.2: system xul for reverese dependencies that process web content
  firefox: Ubuntu 6.06 LTS (static build)
  firefox: Ubuntu 10.04 LTS and higher (static build of 3.6.x or higher)
  firefox-3.0: Ubuntu 8.04 LTS, 9.04 (static build of 3.6.x)
  firefox-3.5: Ubuntu 9.04 (ignored, uses system xul 1.9.1. Use 3.0 instead)
  firefox-3.5: Ubuntu 9.10 (static build of 3.6.x)
Assigned-to
chriscoulson
Package
Upstream:released (3.6.9)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:needs-triage (Ubuntu source uses 3.6.x)
Package
Upstream:released (2.0.7)
Package
Priority: Negligible
Upstream:released (3.0.7, 3.1.3)
Package
Upstream:released (1.9.1.12)
Package
Upstream:released (1.9.2.9)
More Information

Updated: 2018-10-31 20:55:27 UTC (commit cfa7cf69d76449ccff972ac22f40976a08d908c2)