CVE-2010-5074:firefox, thunderbird, seamonkey: The layout engine in Mozilla Firefox before 4.0, Th...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-5074

firefox, thunderbird, seamonkey: The layout engine in Mozilla Firefox before 4.0, Th...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5074

Original

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2011-12-07

Source Information Category:

Advisory, Alert

Last Updated:

2011-12-08

Affected Product Tags

cpe:/a:mozilla:firefox:3.0

cpe:/a:mozilla:firefox:3.0.1

cpe:/a:mozilla:firefox:3.0.10

cpe:/a:mozilla:firefox:3.0.11

cpe:/a:mozilla:firefox:3.0.12

cpe:/a:mozilla:firefox:3.0.13

cpe:/a:mozilla:firefox:3.0.14

cpe:/a:mozilla:firefox:3.0.15

cpe:/a:mozilla:firefox:3.0.16

cpe:/a:mozilla:firefox:3.0.17

cpe:/a:mozilla:firefox:3.0.2

cpe:/a:mozilla:firefox:3.0.3

cpe:/a:mozilla:firefox:3.0.4

cpe:/a:mozilla:firefox:3.0.5

cpe:/a:mozilla:firefox:3.0.6

cpe:/a:mozilla:firefox:3.0.7

cpe:/a:mozilla:firefox:3.0.8

cpe:/a:mozilla:firefox:3.0.9

cpe:/a:mozilla:firefox:3.5

cpe:/a:mozilla:firefox:3.5.1

cpe:/a:mozilla:firefox:3.5.10

cpe:/a:mozilla:firefox:3.5.11

cpe:/a:mozilla:firefox:3.5.12

cpe:/a:mozilla:firefox:3.5.13

cpe:/a:mozilla:firefox:3.5.14

cpe:/a:mozilla:firefox:3.5.15

cpe:/a:mozilla:firefox:3.5.2

cpe:/a:mozilla:firefox:3.5.3

cpe:/a:mozilla:firefox:3.5.4

cpe:/a:mozilla:firefox:3.5.5

cpe:/a:mozilla:firefox:3.5.6

cpe:/a:mozilla:firefox:3.5.7

cpe:/a:mozilla:firefox:3.5.8

cpe:/a:mozilla:firefox:3.5.9

cpe:/a:mozilla:firefox:3.6

cpe:/a:mozilla:firefox:3.6.1

cpe:/a:mozilla:firefox:3.6.10

cpe:/a:mozilla:firefox:3.6.11

cpe:/a:mozilla:firefox:3.6.12

cpe:/a:mozilla:firefox:3.6.13

cpe:/a:mozilla:firefox:3.6.14

cpe:/a:mozilla:firefox:3.6.15

cpe:/a:mozilla:firefox:3.6.16

cpe:/a:mozilla:firefox:3.6.17

cpe:/a:mozilla:firefox:3.6.18

cpe:/a:mozilla:firefox:3.6.19

cpe:/a:mozilla:firefox:3.6.2

cpe:/a:mozilla:firefox:3.6.20

cpe:/a:mozilla:firefox:3.6.21

cpe:/a:mozilla:firefox:3.6.22

cpe:/a:mozilla:firefox:3.6.23

cpe:/a:mozilla:firefox:3.6.24 and previous versions

cpe:/a:mozilla:firefox:3.6.3

cpe:/a:mozilla:firefox:3.6.4

cpe:/a:mozilla:firefox:3.6.6

cpe:/a:mozilla:firefox:3.6.7

cpe:/a:mozilla:firefox:3.6.8

cpe:/a:mozilla:firefox:3.6.9

cpe:/a:mozilla:seamonkey:1.0

cpe:/a:mozilla:seamonkey:1.0.1

cpe:/a:mozilla:seamonkey:1.0.2

cpe:/a:mozilla:seamonkey:1.0.3

cpe:/a:mozilla:seamonkey:1.0.4

cpe:/a:mozilla:seamonkey:1.0.5

cpe:/a:mozilla:seamonkey:1.0.6

cpe:/a:mozilla:seamonkey:1.0.7

cpe:/a:mozilla:seamonkey:1.0.8

cpe:/a:mozilla:seamonkey:1.0.9

cpe:/a:mozilla:seamonkey:1.0:alpha

cpe:/a:mozilla:seamonkey:1.0:beta

cpe:/a:mozilla:seamonkey:1.1

cpe:/a:mozilla:seamonkey:1.1.1

cpe:/a:mozilla:seamonkey:1.1.10

cpe:/a:mozilla:seamonkey:1.1.11

cpe:/a:mozilla:seamonkey:1.1.12

cpe:/a:mozilla:seamonkey:1.1.13

cpe:/a:mozilla:seamonkey:1.1.14

cpe:/a:mozilla:seamonkey:1.1.15

cpe:/a:mozilla:seamonkey:1.1.16

cpe:/a:mozilla:seamonkey:1.1.17

cpe:/a:mozilla:seamonkey:1.1.18

cpe:/a:mozilla:seamonkey:1.1.19

cpe:/a:mozilla:seamonkey:1.1.2

cpe:/a:mozilla:seamonkey:1.1.3

cpe:/a:mozilla:seamonkey:1.1.4

cpe:/a:mozilla:seamonkey:1.1.5

cpe:/a:mozilla:seamonkey:1.1.6

cpe:/a:mozilla:seamonkey:1.1.7

cpe:/a:mozilla:seamonkey:1.1.8

cpe:/a:mozilla:seamonkey:1.1.9

cpe:/a:mozilla:seamonkey:1.1:alpha

cpe:/a:mozilla:seamonkey:1.1:beta

cpe:/a:mozilla:seamonkey:1.5.0.10

cpe:/a:mozilla:seamonkey:1.5.0.8

cpe:/a:mozilla:seamonkey:1.5.0.9

cpe:/a:mozilla:seamonkey:2.0

cpe:/a:mozilla:seamonkey:2.0.1

cpe:/a:mozilla:seamonkey:2.0.10

cpe:/a:mozilla:seamonkey:2.0.11

cpe:/a:mozilla:seamonkey:2.0.12

cpe:/a:mozilla:seamonkey:2.0.13

cpe:/a:mozilla:seamonkey:2.0.14

cpe:/a:mozilla:seamonkey:2.0.2

cpe:/a:mozilla:seamonkey:2.0.3

cpe:/a:mozilla:seamonkey:2.0.4

cpe:/a:mozilla:seamonkey:2.0.5

cpe:/a:mozilla:seamonkey:2.0.6

cpe:/a:mozilla:seamonkey:2.0.7

cpe:/a:mozilla:seamonkey:2.0.8

cpe:/a:mozilla:seamonkey:2.0.9

cpe:/a:mozilla:seamonkey:2.0:alpha_1

cpe:/a:mozilla:seamonkey:2.0:alpha_2

cpe:/a:mozilla:seamonkey:2.0:alpha_3

cpe:/a:mozilla:seamonkey:2.0:beta_1

cpe:/a:mozilla:seamonkey:2.0:beta_2

cpe:/a:mozilla:seamonkey:2.0:rc1

cpe:/a:mozilla:seamonkey:2.0:rc2

cpe:/a:mozilla:seamonkey:2.0a1::pre

cpe:/a:mozilla:seamonkey:2.1:alpha1

cpe:/a:mozilla:seamonkey:2.1:alpha2

cpe:/a:mozilla:seamonkey:2.1:alpha3 and previous versions

cpe:/a:mozilla:thunderbird:3.0

cpe:/a:mozilla:thunderbird:3.0.1

cpe:/a:mozilla:thunderbird:3.0.10

cpe:/a:mozilla:thunderbird:3.0.11

cpe:/a:mozilla:thunderbird:3.0.2

cpe:/a:mozilla:thunderbird:3.0.3

cpe:/a:mozilla:thunderbird:3.0.4

cpe:/a:mozilla:thunderbird:3.0.5

cpe:/a:mozilla:thunderbird:3.0.6

cpe:/a:mozilla:thunderbird:3.0.7

cpe:/a:mozilla:thunderbird:3.0.8

cpe:/a:mozilla:thunderbird:3.0.9

cpe:/a:mozilla:thunderbird:3.1

cpe:/a:mozilla:thunderbird:3.1.1

cpe:/a:mozilla:thunderbird:3.1.10

cpe:/a:mozilla:thunderbird:3.1.11

cpe:/a:mozilla:thunderbird:3.1.12

cpe:/a:mozilla:thunderbird:3.1.13

cpe:/a:mozilla:thunderbird:3.1.14

cpe:/a:mozilla:thunderbird:3.1.15

cpe:/a:mozilla:thunderbird:3.1.16 and previous versions

cpe:/a:mozilla:thunderbird:3.1.2

cpe:/a:mozilla:thunderbird:3.1.3

cpe:/a:mozilla:thunderbird:3.1.4

cpe:/a:mozilla:thunderbird:3.1.5

cpe:/a:mozilla:thunderbird:3.1.6

cpe:/a:mozilla:thunderbird:3.1.7

cpe:/a:mozilla:thunderbird:3.1.8

cpe:/a:mozilla:thunderbird:3.1.9

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

CONFIRM http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/

Vulnerability Type Race Conditions (CWE-362)