CVE-2010-0654

2010-02-1800:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS

0.006

Percentile

78.2%

JSON

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird
3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6
permit cross-origin loading of CSS stylesheets even when the stylesheet
download has an incorrect MIME type and the stylesheet document is
malformed, which allows remote attackers to obtain sensitive information
via a crafted document.

Bugs

<http://code.google.com/p/chromium/issues/detail?id=9877>

Notes

Author	Note
jdstrand	CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. per chriscoulson, tbird requires javascript

Author

Note

jdstrand

CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. per chriscoulson, tbird requires javascript

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 3.6.7+build2+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchfirefox< 3.6.7+build2+nobinonly-0ubuntu1UNKNOWN
ubuntu11.04noarchfirefox< 3.6.7+build2+nobinonly-0ubuntu1UNKNOWN
ubuntu11.10noarchfirefox< 3.6.7+build2+nobinonly-0ubuntu1UNKNOWN
ubuntu8.04noarchseamonkey< 2.0.8+build1+nobinonly-0ubuntu0.8.04.1UNKNOWN
ubuntu9.04noarchseamonkey< 2.0.8+build1+nobinonly-0ubuntu0.9.04.1UNKNOWN
ubuntu9.10noarchseamonkey< 2.0.8+build1+nobinonly-0ubuntu0.9.10.1UNKNOWN
ubuntu10.04noarchseamonkey< 2.0.6+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchseamonkey< 2.0.6+build1+nobinonly-0ubuntu1UNKNOWN
ubuntu11.04noarchseamonkey< 2.0.6+build1+nobinonly-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	firefox	< 3.6.7+build2+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	firefox	< 3.6.7+build2+nobinonly-0ubuntu1	UNKNOWN
ubuntu	11.04	noarch	firefox	< 3.6.7+build2+nobinonly-0ubuntu1	UNKNOWN
ubuntu	11.10	noarch	firefox	< 3.6.7+build2+nobinonly-0ubuntu1	UNKNOWN
ubuntu	8.04	noarch	seamonkey	< 2.0.8+build1+nobinonly-0ubuntu0.8.04.1	UNKNOWN
ubuntu	9.04	noarch	seamonkey	< 2.0.8+build1+nobinonly-0ubuntu0.9.04.1	UNKNOWN
ubuntu	9.10	noarch	seamonkey	< 2.0.8+build1+nobinonly-0ubuntu0.9.10.1	UNKNOWN
ubuntu	10.04	noarch	seamonkey	< 2.0.6+build1+nobinonly-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	seamonkey	< 2.0.6+build1+nobinonly-0ubuntu1	UNKNOWN
ubuntu	11.04	noarch	seamonkey	< 2.0.6+build1+nobinonly-0ubuntu1	UNKNOWN