Mozilla Foundation Security Advisory 2010-14

2010-04-06T00:00:00
ID SECURITYVULNS:DOC:23553
Type securityvulns
Reporter Securityvulns
Modified 2010-04-06T00:00:00

Description

Mozilla Foundation Security Advisory 2010-14

Title: Browser chrome defacement via cached XUL stylesheets Impact: Low Announced: March 23, 2010 Reporter: Wladimir Palant Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.6.2 Firefox 3.5.8 Firefox 3.0.18 Thunderbird 3.0.2 SeaMonkey 2.0.3 Description

Mozilla developer Wladimir Palant reported that stylesheets used in remote XUL documents can wind up in the XUL cache where it can later be accessed by browser chrome for use in styling the user interface. A malicious website could use this issue to pollute a user's XUL cache and change style attributes of their browser such as font size and color. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=535806
* CVE-2010-0169