CVE-2010-2754

Name	CVE-2010-2754
Description	dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2075-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin
iceape	source	lenny	(not affected)
iceape	source	(unstable)	2.0.6-1
icedove	source	lenny	(unfixed)	end-of-life
icedove	source	(unstable)	3.0.6-1
iceweasel	source	lenny	(not affected)
iceweasel	source	(unstable)	3.5.11-2
xulrunner	source	lenny	1.9.0.19-3		DSA-2075-1
xulrunner	source	(unstable)	1.9.1.11-1

Notes

[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[lenny] - iceape <not-affected> (Only a stub package)