Erroneous Stylesheet Caching

2020-04-1000:42:21

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

SeaMonkey is vulnerable to erroneous stylesheet caching. The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser’s font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

CPENameOperatorVersion
seamonkeyeq1.0.9__0.17.el3
seamonkeyeq1.0.9__0.25.el3
seamonkeyeq1.0.9__7.el4
seamonkeyeq1.0.9__32.el4
seamonkeyeq1.0.9__0.7.el3
seamonkeyeq1.0.9__45.el4_8
seamonkeyeq1.0.9__0.47.el3
seamonkeyeq1.0.7__0.1.el4
seamonkeyeq1.0.9__0.22.el3
seamonkeyeq1.0.8__0.2.el4

Name	Operator	Version
seamonkey	eq	1.0.9__0.17.el3
seamonkey	eq	1.0.9__0.25.el3
seamonkey	eq	1.0.9__7.el4
seamonkey	eq	1.0.9__32.el4
seamonkey	eq	1.0.9__0.7.el3
seamonkey	eq	1.0.9__45.el4_8
seamonkey	eq	1.0.9__0.47.el3
seamonkey	eq	1.0.7__0.1.el4
seamonkey	eq	1.0.9__0.22.el3
seamonkey	eq	1.0.8__0.2.el4