CVE-2010-3774

The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site.

Published: 2010-12-10 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2010-3774 is rated Moderate Risk (44.1/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 1.01%). Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2010-3774

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-04-12 1.17% 1.01% -0.15%
2 2025-03-30 1.95% 1.17% -0.78%
3 2025-03-29 1.95%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2010-3774

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.3 2.0 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:N)
No availability impact.
 8.6 2.9 [email protected]

Weakness enumeration for CVE-2010-3774

OS Trackers for CVE-2010-3774

vendor priority summary link
gentoo high CVE-2010-3774: 1 GLSA(s) (201301-01), 14 atom(s) (dev-libs/nss, mail-client/mozilla-thunderbird, …); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2010-3774
redhat medium https://access.redhat.com/security/cve/CVE-2010-3774
ubuntu medium CVE-2010-3774 medium priority: Ubuntu including 5 source packages (firefox, firefox-3.0, firefox-3.5, seamonkey, xulrunner-1.9.2), 30 status rows across 6 suites (dapper, hardy, karmic, lucid, maverick, upstream): released 14, DNE 11, needs-triage 3, ignored 2. https://ubuntu.com/security/CVE-2010-3774

Affected software / configurations for CVE-2010-3774

Vendor Product Version Raw CPE
mozilla firefox 3.6 cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
mozilla firefox 3.6.2 cpe:2.3:a:mozilla:firefox:3.6.2:*:*:*:*:*:*:*
mozilla firefox 3.6.3 cpe:2.3:a:mozilla:firefox:3.6.3:*:*:*:*:*:*:*
mozilla firefox 3.6.4 cpe:2.3:a:mozilla:firefox:3.6.4:*:*:*:*:*:*:*
mozilla firefox 3.6.6 cpe:2.3:a:mozilla:firefox:3.6.6:*:*:*:*:*:*:*
mozilla firefox 3.6.7 cpe:2.3:a:mozilla:firefox:3.6.7:*:*:*:*:*:*:*
mozilla firefox 3.6.8 cpe:2.3:a:mozilla:firefox:3.6.8:*:*:*:*:*:*:*
mozilla firefox 3.6.9 cpe:2.3:a:mozilla:firefox:3.6.9:*:*:*:*:*:*:*
mozilla firefox 3.6.10 cpe:2.3:a:mozilla:firefox:3.6.10:*:*:*:*:*:*:*
mozilla firefox 3.6.11 cpe:2.3:a:mozilla:firefox:3.6.11:*:*:*:*:*:*:*
mozilla firefox 3.6.12 cpe:2.3:a:mozilla:firefox:3.6.12:*:*:*:*:*:*:*
mozilla seamonkey <= 2.0.10 cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
mozilla seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
mozilla seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
mozilla seamonkey 1.0 cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
mozilla seamonkey 1.0.1 cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
mozilla seamonkey 1.0.2 cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
mozilla seamonkey 1.0.3 cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
mozilla seamonkey 1.0.4 cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
mozilla seamonkey 1.0.5 cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
mozilla seamonkey 1.0.6 cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
mozilla seamonkey 1.0.7 cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
mozilla seamonkey 1.0.8 cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
mozilla seamonkey 1.0.9 cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
mozilla seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
mozilla seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
mozilla seamonkey 1.1 cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
mozilla seamonkey 1.1.1 cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
mozilla seamonkey 1.1.2 cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
mozilla seamonkey 1.1.3 cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
mozilla seamonkey 1.1.4 cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
mozilla seamonkey 1.1.5 cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
mozilla seamonkey 1.1.6 cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
mozilla seamonkey 1.1.7 cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
mozilla seamonkey 1.1.8 cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
mozilla seamonkey 1.1.9 cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
mozilla seamonkey 1.1.10 cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
mozilla seamonkey 1.1.11 cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
mozilla seamonkey 1.1.12 cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
mozilla seamonkey 1.1.13 cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
mozilla seamonkey 1.1.14 cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
mozilla seamonkey 1.1.15 cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
mozilla seamonkey 1.1.16 cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
mozilla seamonkey 1.1.17 cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
mozilla seamonkey 1.1.18 cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
mozilla seamonkey 1.1.19 cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
mozilla seamonkey 1.5.0.8 cpe:2.3:a:mozilla:seamonkey:1.5.0.8:*:*:*:*:*:*:*
mozilla seamonkey 1.5.0.9 cpe:2.3:a:mozilla:seamonkey:1.5.0.9:*:*:*:*:*:*:*
mozilla seamonkey 1.5.0.10 cpe:2.3:a:mozilla:seamonkey:1.5.0.10:*:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
mozilla seamonkey 2.0 cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
mozilla seamonkey 2.0.1 cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
mozilla seamonkey 2.0.2 cpe:2.3:a:mozilla:seamonkey:2.0.2:*:*:*:*:*:*:*
mozilla seamonkey 2.0.3 cpe:2.3:a:mozilla:seamonkey:2.0.3:*:*:*:*:*:*:*
mozilla seamonkey 2.0.4 cpe:2.3:a:mozilla:seamonkey:2.0.4:*:*:*:*:*:*:*
mozilla seamonkey 2.0.5 cpe:2.3:a:mozilla:seamonkey:2.0.5:*:*:*:*:*:*:*
mozilla seamonkey 2.0.6 cpe:2.3:a:mozilla:seamonkey:2.0.6:*:*:*:*:*:*:*
mozilla seamonkey 2.0.7 cpe:2.3:a:mozilla:seamonkey:2.0.7:*:*:*:*:*:*:*
mozilla seamonkey 2.0.8 cpe:2.3:a:mozilla:seamonkey:2.0.8:*:*:*:*:*:*:*
mozilla seamonkey 2.0.9 cpe:2.3:a:mozilla:seamonkey:2.0.9:*:*:*:*:*:*:*
mozilla firefox <= 3.5.15 cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozilla firefox 0.1 cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
mozilla firefox 0.2 cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
mozilla firefox 0.3 cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
mozilla firefox 0.4 cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
mozilla firefox 0.5 cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
mozilla firefox 0.6 cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
mozilla firefox 0.6.1 cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
mozilla firefox 0.7 cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
mozilla firefox 0.7.1 cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
mozilla firefox 0.8 cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
mozilla firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
mozilla firefox 0.9 cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
mozilla firefox 0.9.1 cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*

References for CVE-2010-3774

URL Tags
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html
http://secunia.com/advisories/42716
http://secunia.com/advisories/42818
http://support.avaya.com/css/P8/documents/100124650
http://www.mandriva.com/security/advisories?name=MDVSA-2010:251
http://www.mozilla.org/security/announce/2010/mfsa2010-83.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2010-0966.html
http://www.securitytracker.com/id?1024850
http://www.ubuntu.com/usn/USN-1019-1
http://www.vupen.com/english/advisories/2011/0030
https://bugzilla.mozilla.org/show_bug.cgi?id=602780 Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12512
cvelogic Threat Intelligence