CVE-2002-2436Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 44.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedDec 7
Latest updateApr 30

Description

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox3.6.24+57
NVDmozilla/seamonkey2.1+50
NVDmozilla/thunderbird3.1.16+28

🔴Vulnerability Details

2
GHSA
GHSA-j5hm-v5hc-jgjr: The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 42022-04-30
CVEList
CVE-2002-2436: The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 42011-12-07
CVE-2002-2436 — Sensitive Information Exposure | cvebase