CVE-2010-0648
Firefox < 3.5.7 - Unauthorized URL Exposure via Stylesheet LINK Element
Title source: llmDescription
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.
References (6)
Core 6
Core References
Issue Tracking x_refsource_misc
http://code.google.com/p/chromium/issues/detail?id=32309
Exploit x_refsource_misc
http://nomoreroot.blogspot.com/2010/01/little-bug-in-safari-and-google-chrome.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12665
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html
Scores
EPSS
0.0124
EPSS Percentile
65.7%
Details
CWE
CWE-200
Status
published
Products (47)
mozilla/firefox
1.0 (2 CPE variants)
mozilla/firefox
1.0.1
mozilla/firefox
1.0.2
mozilla/firefox
1.0.3
mozilla/firefox
1.0.4
mozilla/firefox
1.0.5
mozilla/firefox
1.0.6
mozilla/firefox
1.0.7
mozilla/firefox
1.0.8
mozilla/firefox
1.5 (3 CPE variants)
... and 37 more
Published
Feb 18, 2010
Tracked Since
Feb 18, 2026