What is the severity of CVE-2010-1585?

CVE-2010-1585 has a moderate severity rating as it can lead to cross-context scripting attacks.

How do I fix CVE-2010-1585?

To fix CVE-2010-1585, users should upgrade to the latest versions of Mozilla Firefox, Thunderbird, or SeaMonkey that are not affected by this vulnerability.

What versions are affected by CVE-2010-1585?

CVE-2010-1585 affects Mozilla Firefox versions before 3.6.14, Thunderbird versions before 3.1.8, and SeaMonkey versions before 2.0.12.

What kind of attack does CVE-2010-1585 allow?

CVE-2010-1585 allows attackers to execute malicious scripts via improperly sanitized HTML in Chrome documents.

Is there a workaround for CVE-2010-1585 if I cannot update?

There are no specific workarounds for CVE-2010-1585; the best practice is to update to a patched version of the software.

Vulnerability/
CVE-2010-1585

critical

9.3

CWE

28/4/2010

7/8/2024

CVE-2010-1585: Input Validation

First published: Wed Apr 28 2010(Updated: )

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Firefox	=3.6.2
Firefox	=3.6.3
Firefox	=3.6.11
Firefox	=3.6.8
Firefox	=3.6.9
Firefox	=3.6.12
Firefox	=3.6.6
Firefox	=3.6.10
Firefox	=3.6.7
Firefox	=3.6.4
Firefox	=3.6
Firefox	=3.6.13
Mozilla SeaMonkey	=2.0.10
Mozilla SeaMonkey	=1.1.10
Mozilla SeaMonkey	=1.0.3
Mozilla SeaMonkey	=1.1.8
Mozilla SeaMonkey	=1.0.1
Mozilla SeaMonkey	=1.1.7
Mozilla SeaMonkey	=1.5.0.10
Mozilla SeaMonkey	=1.0.6
Mozilla SeaMonkey	=1.0.9
Mozilla SeaMonkey	=1.1.3
Mozilla SeaMonkey	=2.0.4
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=2.0.3
Mozilla SeaMonkey	=2.0.2
Mozilla SeaMonkey	=1.1.17
Mozilla SeaMonkey	=2.0-alpha_2
Mozilla SeaMonkey	=1.1.5
Mozilla SeaMonkey	=2.0.8
Mozilla SeaMonkey	=1.0.7
Mozilla SeaMonkey	=1.0-beta
Mozilla SeaMonkey	=1.1-alpha
Mozilla SeaMonkey	=2.0-rc2
Mozilla SeaMonkey	=2.0-alpha_3
Mozilla SeaMonkey	=1.0-alpha
Mozilla SeaMonkey	=1.1.12
Mozilla SeaMonkey	=1.1
Mozilla SeaMonkey	=1.1.14
Mozilla SeaMonkey	=1.1.2
Mozilla SeaMonkey	=2.0-beta_2
Mozilla SeaMonkey	=1.0.2
Mozilla SeaMonkey	=1.0.8
Mozilla SeaMonkey	=1.1.11
Mozilla SeaMonkey	=2.0-alpha_1
Mozilla SeaMonkey	=1.5.0.9
Mozilla SeaMonkey	=1.1-beta
Mozilla SeaMonkey	=1.1.1
Mozilla SeaMonkey	=2.0.9
Mozilla SeaMonkey	=1.5.0.8
Mozilla SeaMonkey	=2.0.1
Mozilla SeaMonkey	=1.0.5
Mozilla SeaMonkey	=1.1.15
Mozilla SeaMonkey	=1.1.6
Mozilla SeaMonkey	=2.0.7
Mozilla SeaMonkey	=1.1.16
Mozilla SeaMonkey	<=2.0.11
Mozilla SeaMonkey	=2.0-beta_1
Mozilla SeaMonkey	=1.1.19
Mozilla SeaMonkey	=2.0.5
Mozilla SeaMonkey	=2.0-rc1
Mozilla SeaMonkey	=1.0.4
Mozilla SeaMonkey	=1.1.9
Mozilla SeaMonkey	=1.1.13
Mozilla SeaMonkey	=1.1.18
Mozilla SeaMonkey	=2.0.6
Mozilla SeaMonkey	=2.0
Mozilla SeaMonkey	=1.1.4
Firefox	=2.0.0.12
Firefox	=1.5-beta2
Firefox	=3.0.17
Firefox	=3.5.3
Firefox	=3.0.7
Firefox	=1.5.2
Firefox	=3.0.9
Firefox	=1.5.0.6
Firefox	=2.0.0.2
Firefox	=1.5.0.10
Firefox	=1.5.0.3
Firefox	<=3.5.16
Firefox	=3.5.6
Firefox	=3.0.8
Firefox	=1.5.0.11
Firefox	=1.5.4
Firefox	=1.0.2
Firefox	=3.5
Firefox	=3.5.5
Firefox	=3.0.4
Firefox	=1.5-beta1
Firefox	=3.5.9
Firefox	=3.5.4
Firefox	=3.5.7
Firefox	=3.0.5
Firefox	=3.5.11
Firefox	=1.5
Firefox	=3.5.14
Firefox	=1.0.4
Firefox	=2.0.0.7
Firefox	=1.0.7
Firefox	=3.5.10
Firefox	=3.5.1
Firefox	=2.0.0.9
Firefox	=3.0.14
Firefox	=3.5.2
Firefox	=2.0.0.16
Firefox	=1.5.6
Firefox	=2.0.0.17
Firefox	=2.0.0.15
Firefox	=3.0.10
Firefox	=3.0.12
Firefox	=1.0
Firefox	=3.0.3
Firefox	=1.5.0.7
Firefox	=2.0
Firefox	=1.0.1
Firefox	=2.0.0.14
Firefox	=3.0.6
Firefox	=3.0.15
Firefox	=1.5.0.8
Firefox	=2.0.0.3
Firefox	=3.5.12
Firefox	=1.5.0.9
Firefox	=1.5.0.5
Firefox	=1.5.7
Firefox	=1.5.0.12
Firefox	=2.0.0.6
Firefox	=3.0
Firefox	=2.0.0.11
Firefox	=1.5.0.2
Firefox	=1.0.3
Firefox	=3.0.1
Firefox	=2.0.0.4
Firefox	=1.5.1
Firefox	=2.0.0.13
Firefox	=2.0.0.18
Firefox	=3.5.13
Firefox	=2.0.0.1
Firefox	=3.0.2
Firefox	=3.5.8
Firefox	=1.5.5
Firefox	=1.0-preview_release
Firefox	=3.5.15
Firefox	=2.0.0.20
Firefox	=2.0.0.8
Firefox	=2.0.0.19
Firefox	=1.5.8
Firefox	=1.5.3
Firefox	=1.5.0.4
Firefox	=1.5.0.1
Firefox	=3.0.13
Firefox	=1.0.5
Firefox	=2.0.0.5
Firefox	=2.0.0.10
Firefox	=1.0.6
Firefox	=3.0.16
Firefox	=1.0.8
Firefox	=3.0.11
Thunderbird	=3.0.8
Thunderbird	=3.0.5
Thunderbird	=1.5.0.7
Thunderbird	=0.6
Thunderbird	=0.7.2
Thunderbird	=2.0.0.4
Thunderbird	=3.0.9
Thunderbird	=2.0.0.6
Thunderbird	=0.3
Thunderbird	=2.0.0.21
Thunderbird	=3.0.1
Thunderbird	=0.2
Thunderbird	=3.1.2
Thunderbird	=3.1.1
Thunderbird	=1.0.7
Thunderbird	=2.0.0.18
Thunderbird	=2.0.0.9
Thunderbird	=2.0.0.16
Thunderbird	=2.0.0.8
Thunderbird	=2.0.0.7
Thunderbird	=1.7.1
Thunderbird	=1.5.0.3
Thunderbird	=1.5.0.10
Thunderbird	=1.5.0.5
Thunderbird	=3.1.4
Thunderbird	=1.5.0.6
Thunderbird	=1.0
Thunderbird	=3.0.7
Thunderbird	=2.0.0.3
Thunderbird	=3.0.6
Thunderbird	=1.0.1
Thunderbird	=1.5-beta2
Thunderbird	=2.0.0.2
Thunderbird	=3.0.10
Thunderbird	=3.0.3
Thunderbird	=1.0.2
Thunderbird	=2.0.0.0
Thunderbird	=1.5.0.13
Thunderbird	=3.1.5
Thunderbird	=3.0.11
Thunderbird	=2.0.0.12
Thunderbird	=2.0.0.22
Thunderbird	=1.5
Thunderbird	=1.5.0.2
Thunderbird	=1.5.0.8
Thunderbird	=2.0.0.14
Thunderbird	=3.0.4
Thunderbird	=0.5
Thunderbird	=1.0.4
Thunderbird	=1.5.2
Thunderbird	=2.0.0.17
Thunderbird	=2.0.0.23
Thunderbird	=1.5.0.9
Thunderbird	=1.5.0.11
Thunderbird	=0.9
Thunderbird	=1.0.3
Thunderbird	=2.0
Thunderbird	=3.0
Thunderbird	=1.5.0.12
Thunderbird	=0.7.3
Thunderbird	=0.4
Thunderbird	=1.5.1
Thunderbird	=0.7
Thunderbird	=1.5.0.14
Thunderbird	=3.1
Thunderbird	=1.0.6
Thunderbird	=3.1.3
Thunderbird	=2.0.0.5
Thunderbird	=3.1.6
Thunderbird	=1.7.3
Thunderbird	=2.0.0.1
Thunderbird	=1.5.0.1
Thunderbird	=1.0.8
Thunderbird	=0.1
Thunderbird	=0.7.1
Thunderbird	=1.0.5
Thunderbird	=0.8
Thunderbird	<=3.1.7
Thunderbird	=3.0.2
Thunderbird	=2.0.0.19
Thunderbird	=1.5.0.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1585?
CVE-2010-1585 has a moderate severity rating as it can lead to cross-context scripting attacks.
How do I fix CVE-2010-1585?
To fix CVE-2010-1585, users should upgrade to the latest versions of Mozilla Firefox, Thunderbird, or SeaMonkey that are not affected by this vulnerability.
What versions are affected by CVE-2010-1585?
CVE-2010-1585 affects Mozilla Firefox versions before 3.6.14, Thunderbird versions before 3.1.8, and SeaMonkey versions before 2.0.12.
What kind of attack does CVE-2010-1585 allow?
CVE-2010-1585 allows attackers to execute malicious scripts via improperly sanitized HTML in Chrome documents.
Is there a workaround for CVE-2010-1585 if I cannot update?
There are no specific workarounds for CVE-2010-1585; the best practice is to update to a patched version of the software.

agent/type
agent/references
agent/weakness
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/mozilla
canonical/firefox
version/firefox/3.6.2
version/firefox/3.6.3
version/firefox/3.6.11
version/firefox/3.6.8
version/firefox/3.6.9
version/firefox/3.6.12
version/firefox/3.6.6
version/firefox/3.6.10
version/firefox/3.6.7
version/firefox/3.6.4
version/firefox/3.6
version/firefox/3.6.13
canonical/mozilla seamonkey
version/mozilla seamonkey/2.0.10
version/mozilla seamonkey/1.1.10
version/mozilla seamonkey/1.0.3
version/mozilla seamonkey/1.1.8
version/mozilla seamonkey/1.0.1
version/mozilla seamonkey/1.1.7
version/mozilla seamonkey/1.5.0.10
version/mozilla seamonkey/1.0.6
version/mozilla seamonkey/1.0.9
version/mozilla seamonkey/1.1.3
version/mozilla seamonkey/2.0.4
version/mozilla seamonkey/1.0
version/mozilla seamonkey/2.0.3
version/mozilla seamonkey/2.0.2
version/mozilla seamonkey/1.1.17
version/mozilla seamonkey/2.0-alpha_2
version/mozilla seamonkey/1.1.5
version/mozilla seamonkey/2.0.8
version/mozilla seamonkey/1.0.7
version/mozilla seamonkey/1.0-beta
version/mozilla seamonkey/1.1-alpha
version/mozilla seamonkey/2.0-rc2
version/mozilla seamonkey/2.0-alpha_3
version/mozilla seamonkey/1.0-alpha
version/mozilla seamonkey/1.1.12
version/mozilla seamonkey/1.1
version/mozilla seamonkey/1.1.14
version/mozilla seamonkey/1.1.2
version/mozilla seamonkey/2.0-beta_2
version/mozilla seamonkey/1.0.2
version/mozilla seamonkey/1.0.8
version/mozilla seamonkey/1.1.11
version/mozilla seamonkey/2.0-alpha_1
version/mozilla seamonkey/1.5.0.9
version/mozilla seamonkey/1.1-beta
version/mozilla seamonkey/1.1.1
version/mozilla seamonkey/2.0.9
version/mozilla seamonkey/1.5.0.8
version/mozilla seamonkey/2.0.1
version/mozilla seamonkey/1.0.5
version/mozilla seamonkey/1.1.15
version/mozilla seamonkey/1.1.6
version/mozilla seamonkey/2.0.7
version/mozilla seamonkey/1.1.16
version/mozilla seamonkey/2.0.11
version/mozilla seamonkey/2.0-beta_1
version/mozilla seamonkey/1.1.19
version/mozilla seamonkey/2.0.5
version/mozilla seamonkey/2.0-rc1
version/mozilla seamonkey/1.0.4
version/mozilla seamonkey/1.1.9
version/mozilla seamonkey/1.1.13
version/mozilla seamonkey/1.1.18
version/mozilla seamonkey/2.0.6
version/mozilla seamonkey/2.0
version/mozilla seamonkey/1.1.4
version/firefox/2.0.0.12
version/firefox/1.5-beta2
version/firefox/3.0.17
version/firefox/3.5.3
version/firefox/3.0.7
version/firefox/1.5.2
version/firefox/3.0.9
version/firefox/1.5.0.6
version/firefox/2.0.0.2
version/firefox/1.5.0.10
version/firefox/1.5.0.3
version/firefox/3.5.16
version/firefox/3.5.6
version/firefox/3.0.8
version/firefox/1.5.0.11
version/firefox/1.5.4
version/firefox/1.0.2
version/firefox/3.5
version/firefox/3.5.5
version/firefox/3.0.4
version/firefox/1.5-beta1
version/firefox/3.5.9
version/firefox/3.5.4
version/firefox/3.5.7
version/firefox/3.0.5
version/firefox/3.5.11
version/firefox/1.5
version/firefox/3.5.14
version/firefox/1.0.4
version/firefox/2.0.0.7
version/firefox/1.0.7
version/firefox/3.5.10
version/firefox/3.5.1
version/firefox/2.0.0.9
version/firefox/3.0.14
version/firefox/3.5.2
version/firefox/2.0.0.16
version/firefox/1.5.6
version/firefox/2.0.0.17
version/firefox/2.0.0.15
version/firefox/3.0.10
version/firefox/3.0.12
version/firefox/1.0
version/firefox/3.0.3
version/firefox/1.5.0.7
version/firefox/2.0
version/firefox/1.0.1
version/firefox/2.0.0.14
version/firefox/3.0.6
version/firefox/3.0.15
version/firefox/1.5.0.8
version/firefox/2.0.0.3
version/firefox/3.5.12
version/firefox/1.5.0.9
version/firefox/1.5.0.5
version/firefox/1.5.7
version/firefox/1.5.0.12
version/firefox/2.0.0.6
version/firefox/3.0
version/firefox/2.0.0.11
version/firefox/1.5.0.2
version/firefox/1.0.3
version/firefox/3.0.1
version/firefox/2.0.0.4
version/firefox/1.5.1
version/firefox/2.0.0.13
version/firefox/2.0.0.18
version/firefox/3.5.13
version/firefox/2.0.0.1
version/firefox/3.0.2
version/firefox/3.5.8
version/firefox/1.5.5
version/firefox/1.0-preview_release
version/firefox/3.5.15
version/firefox/2.0.0.20
version/firefox/2.0.0.8
version/firefox/2.0.0.19
version/firefox/1.5.8
version/firefox/1.5.3
version/firefox/1.5.0.4
version/firefox/1.5.0.1
version/firefox/3.0.13
version/firefox/1.0.5
version/firefox/2.0.0.5
version/firefox/2.0.0.10
version/firefox/1.0.6
version/firefox/3.0.16
version/firefox/1.0.8
version/firefox/3.0.11
canonical/thunderbird
version/thunderbird/3.0.8
version/thunderbird/3.0.5
version/thunderbird/1.5.0.7
version/thunderbird/0.6
version/thunderbird/0.7.2
version/thunderbird/2.0.0.4
version/thunderbird/3.0.9
version/thunderbird/2.0.0.6
version/thunderbird/0.3
version/thunderbird/2.0.0.21
version/thunderbird/3.0.1
version/thunderbird/0.2
version/thunderbird/3.1.2
version/thunderbird/3.1.1
version/thunderbird/1.0.7
version/thunderbird/2.0.0.18
version/thunderbird/2.0.0.9
version/thunderbird/2.0.0.16
version/thunderbird/2.0.0.8
version/thunderbird/2.0.0.7
version/thunderbird/1.7.1
version/thunderbird/1.5.0.3
version/thunderbird/1.5.0.10
version/thunderbird/1.5.0.5
version/thunderbird/3.1.4
version/thunderbird/1.5.0.6
version/thunderbird/1.0
version/thunderbird/3.0.7
version/thunderbird/2.0.0.3
version/thunderbird/3.0.6
version/thunderbird/1.0.1
version/thunderbird/1.5-beta2
version/thunderbird/2.0.0.2
version/thunderbird/3.0.10
version/thunderbird/3.0.3
version/thunderbird/1.0.2
version/thunderbird/2.0.0.0
version/thunderbird/1.5.0.13
version/thunderbird/3.1.5
version/thunderbird/3.0.11
version/thunderbird/2.0.0.12
version/thunderbird/2.0.0.22
version/thunderbird/1.5
version/thunderbird/1.5.0.2
version/thunderbird/1.5.0.8
version/thunderbird/2.0.0.14
version/thunderbird/3.0.4
version/thunderbird/0.5
version/thunderbird/1.0.4
version/thunderbird/1.5.2
version/thunderbird/2.0.0.17
version/thunderbird/2.0.0.23
version/thunderbird/1.5.0.9
version/thunderbird/1.5.0.11
version/thunderbird/0.9
version/thunderbird/1.0.3
version/thunderbird/2.0
version/thunderbird/3.0
version/thunderbird/1.5.0.12
version/thunderbird/0.7.3
version/thunderbird/0.4
version/thunderbird/1.5.1
version/thunderbird/0.7
version/thunderbird/1.5.0.14
version/thunderbird/3.1
version/thunderbird/1.0.6
version/thunderbird/3.1.3
version/thunderbird/2.0.0.5
version/thunderbird/3.1.6
version/thunderbird/1.7.3
version/thunderbird/2.0.0.1
version/thunderbird/1.5.0.1
version/thunderbird/1.0.8
version/thunderbird/0.1
version/thunderbird/0.7.1
version/thunderbird/1.0.5
version/thunderbird/0.8
version/thunderbird/3.1.7
version/thunderbird/3.0.2
version/thunderbird/2.0.0.19
version/thunderbird/1.5.0.4