CVE-2010-0169
Priority
Medium
Description
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp
in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x
before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes
the case of certain strings in a stylesheet before adding this stylesheet
to the XUL cache, which might allow remote attackers to modify the
browser's font and other CSS attributes, and potentially disrupt rendering
of a web page, by forcing the browser to perform this erroneous stylesheet
caching.
in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x
before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes
the case of certain strings in a stylesheet before adding this stylesheet
to the XUL cache, which might allow remote attackers to modify the
browser's font and other CSS attributes, and potentially disrupt rendering
of a web page, by forcing the browser to perform this erroneous stylesheet
caching.
References
Assigned-to
chriscoulson
Package
| Upstream: | released (3.0.2) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.0.4+nobinonly-0ubuntu1) |
| Ubuntu 11.04 (Natty Narwhal): | released (3.0.4+nobinonly-0ubuntu1) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (3.0.4+nobinonly-0ubuntu1) |
Package
| Upstream: | released (1.9.1.9) |
| Ubuntu 8.04 LTS (Hardy Heron): | DNE |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |
Package
| Upstream: | released (2.0.3) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (2.0.8+build1+nobinonly-0ubuntu0.10.04.1) |
| Ubuntu 11.04 (Natty Narwhal): | not-affected (2.0.4+nobinonly-0ubuntu1) |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (2.0.4+nobinonly-0ubuntu1) |
Package
| Upstream: | released (3.6.2) |
| Ubuntu 8.04 LTS (Hardy Heron): | not-affected |
| Ubuntu 10.04 LTS (Lucid Lynx): | released (3.6.3+nobinonly-0ubuntu2) |
| Ubuntu 11.04 (Natty Narwhal): | released (3.6.3+nobinonly-0ubuntu2) |
| Ubuntu 11.10 (Oneiric Ocelot): | released (3.6.3+nobinonly-0ubuntu2) |
Package
| Upstream: | released (1.9.0.19) |
| Ubuntu 8.04 LTS (Hardy Heron): | released (1.9.0.19+nobinonly-0ubuntu0.8.04.1) |
| Ubuntu 10.04 LTS (Lucid Lynx): | DNE |
| Ubuntu 11.04 (Natty Narwhal): | DNE |
| Ubuntu 11.10 (Oneiric Ocelot): | DNE |