Lucene search

[email protected]NVD:CVE-2002-2436

HistoryDec 07, 2011 - 7:55 p.m.

CVE-2002-2436

2011-12-0719:55:01

CWE-200

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.6.24

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0.10

mozillafirefoxMatch3.0.11

mozillafirefoxMatch3.0.12

mozillafirefoxMatch3.0.13

mozillafirefoxMatch3.0.14

mozillafirefoxMatch3.0.15

mozillafirefoxMatch3.0.16

mozillafirefoxMatch3.0.17

mozillafirefoxMatch3.5

mozillafirefoxMatch3.5.1

mozillafirefoxMatch3.5.2

mozillafirefoxMatch3.5.3

mozillafirefoxMatch3.5.4

mozillafirefoxMatch3.5.5

mozillafirefoxMatch3.5.6

mozillafirefoxMatch3.5.7

mozillafirefoxMatch3.5.8

mozillafirefoxMatch3.5.9

mozillafirefoxMatch3.5.10

mozillafirefoxMatch3.5.11

mozillafirefoxMatch3.5.12

mozillafirefoxMatch3.5.13

mozillafirefoxMatch3.5.14

mozillafirefoxMatch3.5.15

mozillafirefoxMatch3.6

mozillafirefoxMatch3.6.1

mozillafirefoxMatch3.6.2

mozillafirefoxMatch3.6.3

mozillafirefoxMatch3.6.4

mozillafirefoxMatch3.6.6

mozillafirefoxMatch3.6.7

mozillafirefoxMatch3.6.8

mozillafirefoxMatch3.6.9

mozillafirefoxMatch3.6.10

mozillafirefoxMatch3.6.11

mozillafirefoxMatch3.6.12

mozillafirefoxMatch3.6.13

mozillafirefoxMatch3.6.14

mozillafirefoxMatch3.6.15

mozillafirefoxMatch3.6.16

mozillafirefoxMatch3.6.17

mozillafirefoxMatch3.6.18

mozillafirefoxMatch3.6.19

mozillafirefoxMatch3.6.20

mozillafirefoxMatch3.6.21

mozillafirefoxMatch3.6.22

mozillafirefoxMatch3.6.23

Node

mozillathunderbirdRange≤3.1.16

mozillathunderbirdMatch3.0

mozillathunderbirdMatch3.0.1

mozillathunderbirdMatch3.0.2

mozillathunderbirdMatch3.0.3

mozillathunderbirdMatch3.0.4

mozillathunderbirdMatch3.0.5

mozillathunderbirdMatch3.0.6

mozillathunderbirdMatch3.0.7

mozillathunderbirdMatch3.0.8

mozillathunderbirdMatch3.0.9

mozillathunderbirdMatch3.0.10

mozillathunderbirdMatch3.0.11

mozillathunderbirdMatch3.1

mozillathunderbirdMatch3.1.1

mozillathunderbirdMatch3.1.2

mozillathunderbirdMatch3.1.3

mozillathunderbirdMatch3.1.4

mozillathunderbirdMatch3.1.5

mozillathunderbirdMatch3.1.6

mozillathunderbirdMatch3.1.7

mozillathunderbirdMatch3.1.8

mozillathunderbirdMatch3.1.9

mozillathunderbirdMatch3.1.10

mozillathunderbirdMatch3.1.11

mozillathunderbirdMatch3.1.12

mozillathunderbirdMatch3.1.13

mozillathunderbirdMatch3.1.14

mozillathunderbirdMatch3.1.15

Node

mozillaseamonkeyRange≤2.1alpha3

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.14

mozillaseamonkeyMatch1.1.15

mozillaseamonkeyMatch1.1.16

mozillaseamonkeyMatch1.1.17

mozillaseamonkeyMatch1.1.18

mozillaseamonkeyMatch1.1.19

mozillaseamonkeyMatch1.5.0.8

mozillaseamonkeyMatch1.5.0.9

mozillaseamonkeyMatch1.5.0.10

mozillaseamonkeyMatch2.0

mozillaseamonkeyMatch2.0alpha_1

mozillaseamonkeyMatch2.0alpha_2

mozillaseamonkeyMatch2.0alpha_3

mozillaseamonkeyMatch2.0beta_1

mozillaseamonkeyMatch2.0beta_2

mozillaseamonkeyMatch2.0rc1

mozillaseamonkeyMatch2.0rc2

mozillaseamonkeyMatch2.0.1

mozillaseamonkeyMatch2.0.2

mozillaseamonkeyMatch2.0.3

mozillaseamonkeyMatch2.0.4

mozillaseamonkeyMatch2.0.5

mozillaseamonkeyMatch2.0.6

mozillaseamonkeyMatch2.0.7

mozillaseamonkeyMatch2.0.8

mozillaseamonkeyMatch2.0.9

mozillaseamonkeyMatch2.0.10

mozillaseamonkeyMatch2.0.11

mozillaseamonkeyMatch2.0.12

mozillaseamonkeyMatch2.0.13

mozillaseamonkeyMatch2.0.14

mozillaseamonkeyMatch2.0a1pre

mozillaseamonkeyMatch2.1alpha1

mozillaseamonkeyMatch2.1alpha2

References

blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/

bugzilla.mozilla.org/show_bug.cgi?id=147777

w2spconf.com/2010/papers/p26.pdf

developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector

exchange.xforce.ibmcloud.com/vulnerabilities/71816

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Related for NVD:CVE-2002-2436

cve6 cvelist6 nvd5 prion4 debiancve2 ubuntucve2 openvas23 nessus9 freebsd1 fedora6