Home > Vulnerability Database > CVE-2010-0182

Mend.io Vulnerability Database

CVE-2010-0182

Date: April 5, 2010

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

Severity Score

3.7

Related Resources (20)

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-0182

Url: http://www.redhat.com/support/errata/RHSA-2010-0500.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=490790

Url: http://support.avaya.com/css/P8/documents/100091069

Url: http://www.redhat.com/support/errata/RHSA-2010-0501.html

Url: http://www.vupen.com/english/advisories/2010/0748

Url: http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Url: https://access.redhat.com/security/cve/CVE-2010-0182

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/57396

Url: http://www.vupen.com/english/advisories/2010/1557

Url: http://ubuntu.com/usn/usn-921-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375

Url: http://secunia.com/advisories/39397

Url: http://www.securityfocus.com/bid/39479

Url: http://www.vupen.com/english/advisories/2010/0849

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-0182

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2010:070

Url: http://www.mozilla.org/security/announce/2010/mfsa2010-24.html

Url: https://www.mend.io/vulnerability-database/CVE-2010-0182

Severity Score

3.7

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-0182

Date: April 5, 2010

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?