CVE-2010-0169

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

References

http://www.mozilla.org/security/announce/2010/mfsa2010-14.html

http://www.securityfocus.com/bid/38918

http://www.vupen.com/english/advisories/2010/0692

https://bugzilla.mozilla.org/show_bug.cgi?id=535806

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11391

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8431

Details

Source: MITRE

Published: 2010-03-25

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* versions up to 2.0.2 (inclusive)

cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* versions up to 3.0.1 (inclusive)

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
68015Oracle Linux 4 : thunderbird (ELSA-2010-0154)NessusOracle Linux Local Security Checks
critical
68000Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)NessusOracle Linux Local Security Checks
critical
67999Oracle Linux 4 / 5 : firefox (ELSA-2010-0112)NessusOracle Linux Local Security Checks
critical
63923RHEL 5 : thunderbird (RHSA-2010:0153)NessusRed Hat Local Security Checks
critical
63402GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)NessusGentoo Local Security Checks
critical
46271RHEL 4 : thunderbird (RHSA-2010:0154)NessusRed Hat Local Security Checks
critical
45521Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:071)NessusMandriva Local Security Checks
critical
45361CentOS 5 : thunderbird (CESA-2010:0153)NessusCentOS Local Security Checks
critical
801342Mozilla Firefox < 3.6.2 Multiple Vulnerabilities.Log Correlation EngineWeb Clients
high
5485Mozilla Firefox 3.6.x < 3.6.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
45133Firefox 3.6.x < 3.6.2 Multiple VulnerabilitiesNessusWindows
high
45093CentOS 4 : thunderbird (CESA-2010:0154)NessusCentOS Local Security Checks
critical
801210Mozilla Thunderbird < 3.0.2 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
5355Mozilla Thunderbird < 3.0.2 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
44961Mozilla Thunderbird < 3.0.2 Multiple VulnerabilitiesNessusWindows
high
44672Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)NessusMandriva Local Security Checks
critical
801219Mozilla SeaMonkey < 2.0.3 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5343SeaMonkey < 2.0.3 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
5342Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
44660SeaMonkey < 2.0.3 Multiple VulnerabilitiesNessusWindows
high
44659Firefox 3.5 < 3.5.8 Multiple VulnerabilitiesNessusWindows
high
44658Firefox < 3.0.18 Multiple VulnerabilitiesNessusWindows
high
44652RHEL 3 / 4 : seamonkey (RHSA-2010:0113)NessusRed Hat Local Security Checks
critical
44651RHEL 4 / 5 : firefox (RHSA-2010:0112)NessusRed Hat Local Security Checks
critical
44649CentOS 3 / 4 : seamonkey (CESA-2010:0113)NessusCentOS Local Security Checks
critical
44648CentOS 4 / 5 : firefox (CESA-2010:0112)NessusCentOS Local Security Checks
critical