Bug 586580 (CVE-2010-0182)

Summary: CVE-2010-0182 mozilla: XMLDocument::load() doesn't check nsIContentPolicy (MFSA 2010-24)
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gecko-bugs-nobody, tao
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,cvss2=4.3/AV:N/AC:M/Au:N/C:N/I:P/A:N,public=20100330,reported=20100330,source=internet,rhel-4/firefox=affected,rhel-5/firefox=affected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-04-12 18:16:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Vincent Danen 2010-04-27 22:03:23 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0182 to
the following vulnerability:

The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content.

References:

http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
https://bugzilla.mozilla.org/show_bug.cgi?id=490790
http://www.securityfocus.com/bid/39479

This issue has been corrected upstream in Firefox 3.5.x and 3.6.x.  It has not yet been addressed in Firefox 3.0.x.

Comment 1 errata-xmlrpc 2010-06-22 22:01:58 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0500 https://rhn.redhat.com/errata/RHSA-2010-0500.html

Comment 2 errata-xmlrpc 2010-06-22 22:29:25 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0501 https://rhn.redhat.com/errata/RHSA-2010-0501.html

Comment 3 errata-xmlrpc 2010-06-25 15:32:53 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0501 https://rhn.redhat.com/errata/RHSA-2010-0501.html