CVE-2010-1585

Name	CVE-2010-1585
Description	The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2180-1, DSA-2186-1, DSA-2187-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
iceape	source	lenny	(not affected)
iceape	source	squeeze	2.0.11-3		DSA-2180-1
iceape	source	(unstable)	2.0.12-1
icedove	source	lenny	(unfixed)	end-of-life
icedove	source	squeeze	3.0.11-1+squeeze1		DSA-2187-1
icedove	source	(unstable)	3.0.11-2
iceweasel	source	lenny	(not affected)
iceweasel	source	squeeze	3.5.16-5		DSA-2186-1
iceweasel	source	(unstable)	3.5.17-1
xulrunner	source	lenny	1.9.0.19-8
xulrunner	source	(unstable)	(unfixed)	unimportant

Notes

[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
[lenny] - iceape <not-affected> (Only a stub package)
xulrunner in wheezy is not covered by security support