CVE-2010-2179
Description
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player versions before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610 contain a cross-site scripting vulnerability via URL parsing when used with Firefox or Chrome, allowing arbitrary script injection.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610. The flaw is triggered by unspecified URL parsing vectors that allow remote attackers to inject arbitrary web script or HTML when the Flash Player plugin is used in Firefox or Chrome [1][2][3][4].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL that, when parsed by the affected Flash Player or AIR component in the context of a web page viewed in Firefox or Chrome, causes the injection and execution of attacker-controlled script or HTML. No special authentication is required; the attack can be carried out remotely by enticing a user to visit a specially crafted website or click a malicious link [1][2][3][4].
Impact
Successful exploitation allows the attacker to inject arbitrary web script or HTML into the context of the victim's browser session. This can lead to data theft, session hijacking, defacement, or other actions that the compromised web application permits, affecting the confidentiality, integrity, and availability of user data [1][2][3][4].
Mitigation
Users should upgrade Adobe Flash Player to version 9.0.277.0 or later, or 10.1.53.64 or later, and Adobe AIR to version 2.0.2.12610 or later. Red Hat published advisories (RHSA-2010-0464 and RHSA-2010-0470) providing updated packages for affected Linux platforms [1][2]. This CVE has not been listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* range: < 2.0.2.12610
- (no CPE) range: <= 2.0.2.12609
- Range: <= 9.0.276.0, 10.x <= 10.1.53.63
Patches
No patches discovered yet.
References
- www.adobe.com/support/security/bulletins/apsb10-14.html (nvd: Broken Link, Patch, Third Party Advisory, Vendor Advisory)
- itrc.hp.com/service/cki/docDisplay.do (nvd: Third Party Advisory)
- lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (nvd: Mailing List, Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html (nvd: Third Party Advisory)
- lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html (nvd: Third Party Advisory)
- security.gentoo.org/glsa/glsa-201101-09.xml (nvd: Third Party Advisory)
- securitytracker.com/id (nvd: Third Party Advisory, VDB Entry)
- www.redhat.com/support/errata/RHSA-2010-0464.html (nvd: Broken Link, Third Party Advisory)
- www.redhat.com/support/errata/RHSA-2010-0470.html (nvd: Broken Link, Third Party Advisory)
- www.us-cert.gov/cas/techalerts/TA10-162A.html (nvd: Third Party Advisory, US Government Resource)
- exchange.xforce.ibmcloud.com/vulnerabilities/59328 (nvd: Third Party Advisory, VDB Entry)
- secunia.com/advisories/40144 (nvd: Broken Link)
- secunia.com/advisories/40545 (nvd: Broken Link)
- secunia.com/advisories/43026 (nvd: Broken Link)
- securitytracker.com/id (nvd: Broken Link, VDB Entry)
- support.apple.com/kb/HT4435 (nvd: Broken Link)
- www.securityfocus.com/bid/40759 (nvd: Broken Link, VDB Entry)
- www.securityfocus.com/bid/40808 (nvd: Broken Link, VDB Entry)
- www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1421 (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1432 (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1434 (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1453 (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1482 (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1522 (nvd: Broken Link)
- www.vupen.com/english/advisories/2010/1793 (nvd: Broken Link)
- www.vupen.com/english/advisories/2011/0192 (nvd: Broken Link)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126 (nvd: Broken Link)