Vulnerability Details : CVE-2010-0169
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.
Products affected by CVE-2010-0169
- cpe:2.3:a:mozilla:firefox:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:2.0.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0169
1.79%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0169
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2010-0169
-
http://www.vupen.com/english/advisories/2010/0692
Webmail | OVH- OVH
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8431
Repository / Oval Repository
-
http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
Browser chrome defacement via cached XUL stylesheets — MozillaVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11391
Repository / Oval Repository
-
https://bugzilla.mozilla.org/show_bug.cgi?id=535806
535806 - (CVE-2010-0169) XUL cache lets HTML and XUL share stylesheets, can allow remote webpages to break browser UI
-
http://www.securityfocus.com/bid/38918
RETIRED: Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities
Jump to