N/A
CVE-2010-2754
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
EPSS
0.4%
percentile 62.1%
Affected tracked apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.0:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.0.1:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.0.2:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.0.3:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.0.4:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.0.5:*:*:*:*:*:*:* |
| mozilla | thunderbird | Windows | — | cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:* |