The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
20 Nov 2024, 23:43
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/ - | |
References | () http://bugzilla.mozilla.org/show_bug.cgi?id=147777 - | |
References | () http://w2spconf.com/2010/papers/p26.pdf - Exploit | |
References | () https://developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector - |
Information
Published : 2011-12-07 19:55
Updated : 2024-11-20 23:43
NVD link : CVE-2002-2437
Mitre link : CVE-2002-2437
CVE.ORG link : CVE-2002-2437
JSON object : View
Products Affected
mozilla
- seamonkey
- firefox
- thunderbird
CWE
CWE-264
Permissions, Privileges, and Access Controls