Lucene search

MitreCVE-2010-0169

HistoryMar 25, 2010 - 9:00 p.m.

CVE-2010-0169

2010-03-2521:00:00

mitre

web.nvd.nist.gov

cve-2010-0169

cssloaderimpl

dosheetcomplete

nscssloader.cpp

remote attack

browser vulnerability

font modification

css attribute

rendering disruption

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

High

EPSS

0.013

Percentile

85.7%

JSON

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser’s font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

Affected configurations

Nvd

Node

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.0.14

mozillafirefoxMatch3.0.15

mozillafirefoxMatch3.0.16

mozillafirefoxMatch3.0.17

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

mozillafirefoxMatch3.5.6

mozillafirefoxMatch3.5.7

mozillafirefoxMatch3.6

mozillaseamonkeyRange≤2.0.2

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.51.1.10

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.1.18

mozillaseamonkeyMatch1.1.19

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_1

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillathunderbirdRange≤3.0.1

mozillathunderbirdMatch1.5

mozillathunderbirdMatch1.5beta2

mozillathunderbirdMatch1.5.0.1

mozillathunderbirdMatch1.5.0.2

mozillathunderbirdMatch1.5.0.3

mozillathunderbirdMatch1.5.0.4

mozillathunderbirdMatch1.5.0.5

mozillathunderbirdMatch1.5.0.6

mozillathunderbirdMatch1.5.0.7

mozillathunderbirdMatch1.5.0.8

mozillathunderbirdMatch1.5.0.9

mozillathunderbirdMatch1.5.0.10

mozillathunderbirdMatch1.5.0.11

mozillathunderbirdMatch1.5.0.12

mozillathunderbirdMatch1.5.0.13

mozillathunderbirdMatch1.5.0.14

mozillathunderbirdMatch1.5.1

mozillathunderbirdMatch1.5.2

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.3

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.7

mozillathunderbirdMatch2.0.0.8

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

mozillathunderbirdMatch2.0.0.18

mozillathunderbirdMatch2.0.0.19

VendorProductVersionCPE
mozillaseamonkey2.0cpe:/a:mozilla:seamonkey:2.0:alpha_1::
mozillafirefox3.5.2cpe:/a:mozilla:firefox:3.5.2:::
mozillaseamonkeycpe:/a:mozilla:seamonkey::::
mozillaseamonkey1.1.1cpe:/a:mozilla:seamonkey:1.1.1:::
mozillathunderbird2.0.0.4cpe:/a:mozilla:thunderbird:2.0.0.4:::
mozillafirefox3.0.14cpe:/a:mozilla:firefox:3.0.14:::
mozillaseamonkey1.1.13cpe:/a:mozilla:seamonkey:1.1.13:::
mozillathunderbirdcpe:/a:mozilla:thunderbird::::
mozillafirefox3.6cpe:/a:mozilla:firefox:3.6:::
mozillathunderbird2.0.0.12cpe:/a:mozilla:thunderbird:2.0.0.12:::

Vendor	Product	Version	CPE
mozilla	seamonkey	2.0	cpe:/a:mozilla:seamonkey:2.0:alpha_1::
mozilla	firefox	3.5.2	cpe:/a:mozilla:firefox:3.5.2:::
mozilla	seamonkey		cpe:/a:mozilla:seamonkey::::
mozilla	seamonkey	1.1.1	cpe:/a:mozilla:seamonkey:1.1.1:::
mozilla	thunderbird	2.0.0.4	cpe:/a:mozilla:thunderbird:2.0.0.4:::
mozilla	firefox	3.0.14	cpe:/a:mozilla:firefox:3.0.14:::
mozilla	seamonkey	1.1.13	cpe:/a:mozilla:seamonkey:1.1.13:::
mozilla	thunderbird		cpe:/a:mozilla:thunderbird::::
mozilla	firefox	3.6	cpe:/a:mozilla:firefox:3.6:::
mozilla	thunderbird	2.0.0.12	cpe:/a:mozilla:thunderbird:2.0.0.12:::