CVE-2010-5074
Firefox < 3.6.24 - Timing Attack via CSS Token Sequence Processing
Title source: llmDescription
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14456
Scores
EPSS
0.0070
EPSS Percentile
48.6%
Details
CWE
CWE-362
Status
published
Products (50)
mozilla/firefox
3.0
mozilla/firefox
3.0.1
mozilla/firefox
3.0.2
mozilla/firefox
3.0.3
mozilla/firefox
3.0.4
mozilla/firefox
3.0.5
mozilla/firefox
3.0.6
mozilla/firefox
3.0.7
mozilla/firefox
3.0.8
mozilla/firefox
3.0.9
... and 40 more
Published
Dec 07, 2011
Tracked Since
Feb 18, 2026