Your submission was sent successfully! Close

CVE-2010-0169

Published: 25 March 2010

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

Priority

Medium

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (3.6.2)
seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.3)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.2)
xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.19)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.1.9)