CVE-2010-3774

Publication date 9 December 2010

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.

Read the notes from the security team

Status

Package Ubuntu Release Status
firefox 10.10 maverick
Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 3.6.13+build3+nobinonly-0ubuntu0.10.04.1
9.10 karmic Not in release
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life
firefox-3.0 10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic Not in release
8.04 LTS hardy
Fixed 3.6.13+build3+nobinonly-0ubuntu0.8.04.1
6.06 LTS dapper Not in release
firefox-3.5 10.10 maverick Not in release
10.04 LTS lucid Not in release
9.10 karmic
Fixed 3.6.13+build3+nobinonly-0ubuntu0.9.10.1
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
seamonkey 10.10 maverick
Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 2.0.11+build1+nobinonly-0ubuntu0.10.04.1
9.10 karmic
Fixed 2.0.11+build1+nobinonly-0ubuntu0.9.10.1
8.04 LTS hardy
Fixed 2.0.11+build1+nobinonly-0ubuntu0.8.04.1
6.06 LTS dapper Not in release
xulrunner-1.9.2 10.10 maverick
Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.10.1
10.04 LTS lucid
Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.10.04.1
9.10 karmic
Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.9.10.1
8.04 LTS hardy
Fixed 1.9.2.13+build3+nobinonly-0ubuntu0.8.04.1
6.06 LTS dapper Not in release

Notes

jdstrand

Ubuntu 11.04 (Natty Narwhal) has 4.0b7. Fixes will be in 4.0b8.

References

Related Ubuntu Security Notices (USN)

    • USN-1019-1
    • Firefox and Xulrunner vulnerabilities
    • 9 December 2010

Other references