CVE-2010-0169Mozilla Seamonkey vulnerability

6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 37.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla SeamonkeyMozilla ThunderbirdMozilla Firefox
Timeline
PublishedMar 25
Latest updateMay 2

Description

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/seamonkey2.0.2+22
NVDmozilla/thunderbird3.0.1+31
NVDmozilla/firefox19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-h83h-c72m-vp62: The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader2022-05-02
CVEList
CVE-2010-0169: The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader2010-03-25

💥Exploits & PoCs

1
Exploit-DB
CA BrightStor ARCserve - Message Engine Buffer Overflow (Metasploit)2010-04-30

📋Vendor Advisories

1
Red Hat
firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)2010-03-23

💬Community

1
Bugzilla
CVE-2010-0169 firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)2010-03-24
CVE-2010-0169 — Mozilla Seamonkey vulnerability | cvebase