CVE-2010-5074Race Condition in Mozilla Firefox

CWE-362Race Condition3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 60.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird
Timeline
PublishedDec 7
Latest updateMay 17

Description

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDmozilla/firefox3.6.24+57
NVDmozilla/seamonkey2.1+50
NVDmozilla/thunderbird3.1.16+28

🔴Vulnerability Details

2
GHSA
GHSA-7j6g-vw57-cfwm: The layout engine in Mozilla Firefox before 42022-05-17
CVEList
CVE-2010-5074: The layout engine in Mozilla Firefox before 42011-12-07
CVE-2010-5074 — Race Condition in Mozilla Firefox | cvebase