CVE-2002-2437Mozilla Firefox vulnerability

CWE-2643 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 47.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedDec 7
Latest updateApr 30

Description

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox3.6.24+57
NVDmozilla/seamonkey2.1+50
NVDmozilla/thunderbird3.1.16+28

🔴Vulnerability Details

2
GHSA
GHSA-p7wg-mx4g-rf69: The JavaScript implementation in Mozilla Firefox before 42022-04-30
CVEList
CVE-2002-2437: The JavaScript implementation in Mozilla Firefox before 42011-12-07
CVE-2002-2437 — Mozilla Firefox vulnerability | cvebase