Oval Definition:oval:org.mitre.oval:def:8431
Revision Date:2014-10-06Version:29
Title:Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability
Description:The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-0169
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis
  • Check for vulnerable Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is less than 3.0.18
  • OR Mozilla Firefox Mainline version is 3.5.x to 3.5.8
  • OR Mozilla Firefox Mainline version is 3.6.x to 3.6.1
  • OR Check for vulnerable Seamonkey
  • Mozilla Seamonkey is installed
  • AND Mozilla Seamonkey version less than 2.0.3
  • OR Check for vulnerable Thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Mozilla Thunderbird version less than 3.0.2
  • BACK