{
  "threat_severity" : "Moderate",
  "public_date" : "2010-07-20T00:00:00Z",
  "bugzilla" : {
    "description" : "Mozilla Cross-origin data disclosure via Web Workers and importScripts",
    "id" : "615471",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=615471"
  },
  "cvss" : {
    "cvss_base_score" : "5.1",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "status" : "verified"
  },
  "details" : [ "The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-07-21T00:00:00Z",
    "advisory" : "RHSA-2010:0547",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "firefox-0:3.6.7-2.el4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-07-21T00:00:00Z",
    "advisory" : "RHSA-2010:0547",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "firefox-0:3.6.7-2.el5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2010-07-21T00:00:00Z",
    "advisory" : "RHSA-2010:0547",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xulrunner-0:1.9.2.7-2.el5"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 4.8",
    "fix_state" : "Affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:rhel_eus:4.8"
  }, {
    "product_name" : "Red Hat Enterprise Linux Extended Update Support 5.5",
    "fix_state" : "Affected",
    "package_name" : "firefox",
    "cpe" : "cpe:/o:redhat:rhel_eus:5.5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-1213\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1213" ],
  "name" : "CVE-2010-1213",
  "csaw" : false
}