The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:22
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/ - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14456 - |
Information
Published : 2011-12-07 19:55
Updated : 2024-11-21 01:22
NVD link : CVE-2010-5074
Mitre link : CVE-2010-5074
CVE.ORG link : CVE-2010-5074
JSON object : View
Products Affected
mozilla
- thunderbird
- firefox
- seamonkey
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')