CVE-2010-0648Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 36.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Firefox
Timeline
PublishedFeb 18
Latest updateMay 2

Description

Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDmozilla/firefox3.5.7+74

🔴Vulnerability Details

1
GHSA
GHSA-g7x2-68r5-j48j: Mozilla Firefox, possibly before 32022-05-02

📋Vendor Advisories

1
Red Hat
webkit: stylesheet URL property leaks redirection target2010-01-09

💬Community

2
Bugzilla
CVE-2010-0163 seamonkey/thunderbird: crash when indexing certain messages with attachments2010-03-23
Bugzilla
CVE-2010-0648 webkit: stylesheet URL property leaks redirection target2010-02-24