CVE-2010-2179

Published: Jun 15, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

Affected (3)

Products: Adobe: Flash Player, Air

Adobe

2 products

Flash Player

Air

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Adobe Flash Player	Before 9.0.277.0
Adobe Flash Player	From 10.0.0.0 to 10.1.53.64

Configuration B

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Air	Before 2.0.2.12610

Running on/with	Platform Versions
Google Chrome	All versions
Mozilla Firefox	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (56)

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751

Source: psirt@adobe.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html

Source: psirt@adobe.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

Source: psirt@adobe.com

Third Party Advisory

http://secunia.com/advisories/40144

Source: psirt@adobe.com

Broken Link

http://secunia.com/advisories/40545

Source: psirt@adobe.com

Broken Link

http://secunia.com/advisories/43026

Source: psirt@adobe.com

Broken Link

http://security.gentoo.org/glsa/glsa-201101-09.xml

Source: psirt@adobe.com

Third Party Advisory

http://securitytracker.com/id?1024085

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

http://securitytracker.com/id?1024086

Source: psirt@adobe.com

Broken LinkVDB Entry

http://support.apple.com/kb/HT4435

Source: psirt@adobe.com

Broken Link

http://www.adobe.com/support/security/bulletins/apsb10-14.html

Source: psirt@adobe.com

Broken LinkPatchThird Party AdvisoryVendor Advisory

http://www.redhat.com/support/errata/RHSA-2010-0464.html

Source: psirt@adobe.com

Broken LinkThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2010-0470.html

Source: psirt@adobe.com

Broken LinkThird Party Advisory

http://www.securityfocus.com/bid/40759

Source: psirt@adobe.com

Broken LinkVDB Entry

http://www.securityfocus.com/bid/40808

Source: psirt@adobe.com

Broken LinkVDB Entry

http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt

Source: psirt@adobe.com

Broken Link

http://www.us-cert.gov/cas/techalerts/TA10-162A.html

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2010/1421

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1432

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1434

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1453

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1482

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1522

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2010/1793

Source: psirt@adobe.com

Broken Link

http://www.vupen.com/english/advisories/2011/0192

Source: psirt@adobe.com

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/59328

Source: psirt@adobe.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126

Source: psirt@adobe.com

Broken Link

http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751