CVE-2010-0169

Priority
Medium
Description
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp
in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x
before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes
the case of certain strings in a stylesheet before adding this stylesheet
to the XUL cache, which might allow remote attackers to modify the
browser's font and other CSS attributes, and potentially disrupt rendering
of a web page, by forcing the browser to perform this erroneous stylesheet
caching.
References
Bugs
Assigned-to
chriscoulson
Package
Upstream:released (3.0.2)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.0.4+nobinonly-0ubuntu1)
Ubuntu 11.04 (Natty Narwhal):released (3.0.4+nobinonly-0ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):released (3.0.4+nobinonly-0ubuntu1)
Package
Upstream:released (1.9.1.9)
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
Package
Upstream:released (2.0.3)
Ubuntu 8.04 LTS (Hardy Heron):released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):released (2.0.8+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal):not-affected (2.0.4+nobinonly-0ubuntu1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (2.0.4+nobinonly-0ubuntu1)
Package
Upstream:released (3.6.2)
Ubuntu 8.04 LTS (Hardy Heron):not-affected
Ubuntu 10.04 LTS (Lucid Lynx):released (3.6.3+nobinonly-0ubuntu2)
Ubuntu 11.04 (Natty Narwhal):released (3.6.3+nobinonly-0ubuntu2)
Ubuntu 11.10 (Oneiric Ocelot):released (3.6.3+nobinonly-0ubuntu2)
Package
Upstream:released (1.9.0.19)
Ubuntu 8.04 LTS (Hardy Heron):released (1.9.0.19+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 11.04 (Natty Narwhal):DNE
Ubuntu 11.10 (Oneiric Ocelot):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:36 UTC (commit 5347)