CVE-2010-0182

NameCVE-2010-0182
DescriptionThe XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2075-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
icedove (PTS)jessie1:52.3.0-4~deb8u2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceapesourcelenny(not affected)
iceapesource(unstable)2.0.4-1
icedovesourcelenny(unfixed)end-of-life
icedovesource(unstable)3.0.4-1
iceweaselsourcelenny(not affected)
iceweaselsource(unstable)3.5.11-2
xulrunnersourcelenny1.9.0.19-3DSA-2075-1
xulrunnersource(unstable)1.9.1.9-1low

Notes

[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[lenny] - iceape <not-affected> (Only a stub package)

Search for package or bug name: Reporting problems