CVE-2010-0648

Firefox < 3.5.7 - Unauthorized URL Exposure via Stylesheet LINK Element

Title source: llm
STIX 2.1

Description

Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12665
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html

Scores

EPSS 0.0124
EPSS Percentile 65.7%

Details

CWE
CWE-200
Status published
Products (47)
mozilla/firefox 1.0 (2 CPE variants)
mozilla/firefox 1.0.1
mozilla/firefox 1.0.2
mozilla/firefox 1.0.3
mozilla/firefox 1.0.4
mozilla/firefox 1.0.5
mozilla/firefox 1.0.6
mozilla/firefox 1.0.7
mozilla/firefox 1.0.8
mozilla/firefox 1.5 (3 CPE variants)
... and 37 more
Published Feb 18, 2010
Tracked Since Feb 18, 2026