PublicDateAtUSN: 2010-02-18 Candidate: CVE-2010-0654 PublicDate: 2010-02-18 18:00:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0654 https://ubuntu.com/security/notices/USN-930-4 https://ubuntu.com/security/notices/USN-957-1 https://ubuntu.com/security/notices/USN-958-1 Description: Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Ubuntu-Description: Notes: jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 jdstrand> Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. jdstrand> per chriscoulson, tbird requires javascript Bugs: http://code.google.com/p/chromium/issues/detail?id=9877 Priority: low Discovered-by: Assigned-to: CVSS: Patches_firefox: upstream_firefox: needed dapper_firefox: ignored (reached end-of-life) hardy_firefox: ignored (uses system xulrunner) intrepid_firefox: DNE jaunty_firefox: DNE karmic_firefox: DNE lucid_firefox: released (3.6.7+build2+nobinonly-0ubuntu0.10.04.1) maverick_firefox: released (3.6.7+build2+nobinonly-0ubuntu1) natty_firefox: released (3.6.7+build2+nobinonly-0ubuntu1) oneiric_firefox: released (3.6.7+build2+nobinonly-0ubuntu1) devel_firefox: released (3.6.7+build2+nobinonly-0ubuntu1) Patches_xulrunner: upstream_xulrunner: needed dapper_xulrunner: DNE hardy_xulrunner: ignored (reached end-of-life) intrepid_xulrunner: needed (reached end-of-life) jaunty_xulrunner: ignored (reached end-of-life) karmic_xulrunner: ignored (reached end-of-life) lucid_xulrunner: DNE maverick_xulrunner: DNE natty_xulrunner: DNE oneiric_xulrunner: DNE devel_xulrunner: DNE Patches_xulrunner-1.9: upstream_xulrunner-1.9: needed dapper_xulrunner-1.9: DNE hardy_xulrunner-1.9: ignored (reverse dependencies no longer process web content) intrepid_xulrunner-1.9: needed (reached end-of-life) jaunty_xulrunner-1.9: ignored (reverse dependencies no longer process web content) karmic_xulrunner-1.9: DNE lucid_xulrunner-1.9: DNE maverick_xulrunner-1.9: DNE natty_xulrunner-1.9: DNE oneiric_xulrunner-1.9: DNE devel_xulrunner-1.9: DNE Patches_xulrunner-1.9.1: upstream_xulrunner-1.9.1: needed dapper_xulrunner-1.9.1: DNE hardy_xulrunner-1.9.1: DNE intrepid_xulrunner-1.9.1: DNE jaunty_xulrunner-1.9.1: ignored (use firefox-3.0 instead) karmic_xulrunner-1.9.1: ignored (reverse dependencies no longer process web content) lucid_xulrunner-1.9.1: DNE maverick_xulrunner-1.9.1: DNE natty_xulrunner-1.9.1: DNE oneiric_xulrunner-1.9.1: DNE devel_xulrunner-1.9.1: DNE Patches_xulrunner-1.9.2: upstream_xulrunner-1.9.2: needed dapper_xulrunner-1.9.2: DNE hardy_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2) intrepid_xulrunner-1.9.2: DNE jaunty_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2) karmic_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2) lucid_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1) maverick_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1) natty_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1) oneiric_xulrunner-1.9.2: DNE devel_xulrunner-1.9.2: DNE Patches_seamonkey: upstream_seamonkey: needed dapper_seamonkey: DNE hardy_seamonkey: released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1) intrepid_seamonkey: needed (reached end-of-life) jaunty_seamonkey: released (2.0.8+build1+nobinonly-0ubuntu0.9.04.1) karmic_seamonkey: released (2.0.8+build1+nobinonly-0ubuntu0.9.10.1) lucid_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu0.10.04.1) maverick_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu1) natty_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu1) oneiric_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu1) devel_seamonkey: released (2.0.6+build1+nobinonly-0ubuntu1) Patches_thunderbird: Priority_thunderbird: negligible upstream_thunderbird: released (3.0.6) dapper_thunderbird: DNE hardy_thunderbird: ignored intrepid_thunderbird: ignored jaunty_thunderbird: ignored karmic_thunderbird: ignored lucid_thunderbird: released (3.0.6+build2+nobinonly-0ubuntu0.10.04.1) maverick_thunderbird: not-affected (3.0.6+build2+nobinonly-0ubuntu1) natty_thunderbird: not-affected (3.0.6+build2+nobinonly-0ubuntu1) oneiric_thunderbird: not-affected (3.0.6+build2+nobinonly-0ubuntu1) devel_thunderbird: not-affected (3.0.6+build2+nobinonly-0ubuntu1)