CVE-2010-0168
Mozilla Firefox 3.6 - Image Preloading Content-Policy Check Security Bypass
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.
La función nsDocument::MaybePreLoadImage en content/base/src/nsDocument.cpp en la implementación de precarga de imagen en Mozilla Firefox v3.6 anterior a v3.6.2 no aplica los esquemas y políticas de restricción a las URLs de imágenes, lo que permite a atacantes remotos producir una denegación de servicio (caída de aplicación o colgado) o secuestrar la funcionalidad de las extensión del navegador a través de un atributo SRC manipulado de un elemento IMG, como se demuestra en la ejecución remota de comandos a través de un ssh: una URL en un configuración que soporta gnome-vfs con un ajuste network.gnomevfs.supported-protocols no estándar.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-01-06 CVE Reserved
- 2010-03-18 First Exploit
- 2010-03-25 CVE Published
- 2024-08-07 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.mozilla.org/security/announce/2010/mfsa2010-13.html | X_refsource_confirm | |
| http://www.vupen.com/english/advisories/2010/0692 | Vdb Entry | |
| https://bugzilla.mozilla.org/show_bug.cgi?id=540642 | X_refsource_confirm | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8711 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33798 | 2010-03-18 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/38918 | 2017-09-19 |
| URL | Date | SRC |
|---|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6 Search vendor "Mozilla" for product "Firefox" and version "3.6" | - |
Affected
| ||||||
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | 3.6.1 Search vendor "Mozilla" for product "Firefox" and version "3.6.1" | - |
Affected
| ||||||