Unrated severityNVD Advisory· Published Sep 9, 2010· Updated Jun 16, 2026
CVE-2010-2762
CVE-2010-2762
Description
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
- (no CPE)range: <3.6.9
cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:mozilla:thunderbird:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:3.1.2:*:*:*:*:*:*:*
- (no CPE)range: <3.1.3
- osv-coords3 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 2 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 50.1.0-1.1
- (no CPE)range: < 45.5.1-1.1
Patches
Vulnerability mechanics
References
12- www.mozilla.org/security/announce/2010/mfsa2010-59.htmlnvdVendor Advisory
- blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxnvd
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.htmlnvd
- secunia.com/advisories/42867nvd
- support.avaya.com/css/P8/documents/100112690nvd
- www.mandriva.com/security/advisoriesnvd
- www.securityfocus.com/bid/43092nvd
- www.vupen.com/english/advisories/2010/2323nvd
- www.vupen.com/english/advisories/2011/0061nvd
- bugzilla.mozilla.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/61656nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11492nvd
News mentions
0No linked articles in our index yet.