CVE-2010-0654 — Sensitive Information Exposure in Mozilla Seamonkey

CWE-200 — Sensitive Information Exposure11 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Seamonkey Mozilla Firefox Mozilla Thunderbird

Timeline

PublishedFeb 18

Latest updateMay 2

Description

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/seamonkey2.0.5+39

▶NVDmozilla/firefox14 versions+13

▶NVDmozilla/thunderbird6 versions+5

🔴Vulnerability Details

GHSA

GHSA-xv3r-wcc2-gmq8: Mozilla Firefox 3↗2022-05-02

▶

CVEList

CVE-2010-0654: Mozilla Firefox 3↗2010-02-18

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerability↗2010-07-26

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

Ubuntu

ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update↗2010-07-23

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2010-07-23

▶

💬Community

Bugzilla

CVE-2010-0654 firefox: cross-domain information disclosure↗2010-02-25

▶

Bugzilla

CVE-2010-0651 webkit: remote information disclosure↗2010-02-24

▶