製品・ソフトウェアに関する情報

JVN脆弱性詳細

複数の Mozilla 製品の CSSLoaderImpl::DoSheetComplete 関数におけるウェブページのレンダリングを中断される脆弱性

Title	複数の Mozilla 製品の CSSLoaderImpl::DoSheetComplete 関数におけるウェブページのレンダリングを中断される脆弱性
Summary	複数の Mozilla 製品の layout/style/nsCSSLoader.cpp の CSSLoaderImpl::DoSheetComplete 関数には、XUL キャッシュにスタイルシートを追加する前にスタイルシートにおける複数の文字列の状況を変更できるため、ブラウザのフォント、または他の CSS の属性が変更され、ウェブページのレンダリングを中断される脆弱性が存在します。
Possible impacts	誤ったスタイルシートのキャッシングを強制的にブラウザで実行させることにより、ブラウザのフォント、または他の CSS の属性が変更され、ウェブページのレンダリングを中断される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 23, 2010, midnight
Registration Date	April 6, 2010, 4:50 p.m.
Last Update	April 6, 2010, 4:50 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N

Affected System

レッドハット

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.4.z (server)

RHEL Desktop Workstation 5 (client)

RHEL Optional Productivity Applications 5 (server)

RHEL Optional Productivity Applications EUS 5.4.z (server)

Mozilla Foundation

Mozilla Firefox 3.0.18 未満

Mozilla Firefox 3.5.8 未満

Mozilla Firefox 3.6.2 未満

Mozilla SeaMonkey 2.0.3 未満

Mozilla Thunderbird 3.0.2 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0169	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0169
National Vulnerability Database (NVD)
2	CVE-2010-0169	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0169

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Mozilla Foundation Security Advisory
1	MFSA 2010-14	http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
Mozilla Foundation セキュリティアドバイザリ
2	MFSA 2010-14	http://www.mozilla-japan.org/security/announce/2010/mfsa2010-14.html
Red Hat Security Advisory
3	RHSA-2010:0112	https://rhn.redhat.com/errata/RHSA-2010-0112.html
4	RHSA-2010:0113	https://rhn.redhat.com/errata/RHSA-2010-0113.html
5	RHSA-2010:0153	https://rhn.redhat.com/errata/RHSA-2010-0153.html
6	RHSA-2010:0154	https://rhn.redhat.com/errata/RHSA-2010-0154.html

その他

No	Name	URL
Secunia Advisory
1	SA38608	http://secunia.com/advisories/38608/
SecurityFocus
2	38922	http://www.securityfocus.com/bid/38922
VUPEN Security
3	VUPEN/ADV-2010-0692	http://www.vupen.com/english/advisories/2010/0692

Change Log

No	Changed Details	Date of change
0	[2010年04月06日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2010-0169

Summary	The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.
Publication Date	March 26, 2010, 6 a.m.
Registration Date	Jan. 29, 2021, 10:56 a.m.
Last Update	Oct. 31, 2018, 1:25 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:3.0:::::::*
cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
cpe:2.3:a:mozilla:firefox:3.0.11:::::::*
cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
cpe:2.3:a:mozilla:firefox:3.0.14:::::::*
cpe:2.3:a:mozilla:firefox:3.0.15:::::::*
cpe:2.3:a:mozilla:firefox:3.0.16:::::::*
cpe:2.3:a:mozilla:firefox:3.0.17:::::::*
cpe:2.3:a:mozilla:firefox:3.5:::::::*
cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
cpe:2.3:a:mozilla:firefox:3.5.4:::::::*
cpe:2.3:a:mozilla:firefox:3.5.5:::::::*
cpe:2.3:a:mozilla:firefox:3.5.6:::::::*
cpe:2.3:a:mozilla:firefox:3.5.7:::::::*
cpe:2.3:a:mozilla:firefox:3.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10::::::
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		2.0.2
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.10:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.11:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.12:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.13:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.14:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.12:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.14:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.16:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.17:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.18:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.19:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		3.0.1

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.mozilla.org/security/announce/2010/mfsa2010-14.html	CONFIRM	Vendor Advisory
2	http://www.securityfocus.com/bid/38918	BID
3	http://www.vupen.com/english/advisories/2010/0692	VUPEN
4	https://bugzilla.mozilla.org/show_bug.cgi?id=535806	CONFIRM
5	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11391	OVAL
6	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8431	OVAL

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:mozilla:firefox:3.0:::::::*
cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
cpe:2.3:a:mozilla:firefox:3.0.10:::::::*
cpe:2.3:a:mozilla:firefox:3.0.11:::::::*
cpe:2.3:a:mozilla:firefox:3.0.12:::::::*
cpe:2.3:a:mozilla:firefox:3.0.13:::::::*
cpe:2.3:a:mozilla:firefox:3.0.14:::::::*
cpe:2.3:a:mozilla:firefox:3.0.15:::::::*
cpe:2.3:a:mozilla:firefox:3.0.16:::::::*
cpe:2.3:a:mozilla:firefox:3.0.17:::::::*
cpe:2.3:a:mozilla:firefox:3.5:::::::*
cpe:2.3:a:mozilla:firefox:3.5.1:::::::*
cpe:2.3:a:mozilla:firefox:3.5.2:::::::*
cpe:2.3:a:mozilla:firefox:3.5.3:::::::*
cpe:2.3:a:mozilla:firefox:3.5.4:::::::*
cpe:2.3:a:mozilla:firefox:3.5.5:::::::*
cpe:2.3:a:mozilla:firefox:3.5.6:::::::*
cpe:2.3:a:mozilla:firefox:3.5.7:::::::*
cpe:2.3:a:mozilla:firefox:3.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.5:1.1.10::::::
cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.13:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.14:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.15:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.16:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.17:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.18:::::::*
cpe:2.3:a:mozilla:seamonkey:1.1.19:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:::::::*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc1::::::
cpe:2.3:a:mozilla:seamonkey:2.0:rc2::::::
cpe:2.3:a:mozilla:seamonkey:2.0.1:::::::*
cpe:2.3:a:mozilla:seamonkey::::::::		2.0.2
cpe:2.3:a:mozilla:thunderbird:1.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5:beta2::::::
cpe:2.3:a:mozilla:thunderbird:1.5.0.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.2:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.10:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.11:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.12:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.13:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.0.14:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.1:::::::*
cpe:2.3:a:mozilla:thunderbird:1.5.2:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.3:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.7:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.8:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.12:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.14:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.16:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.17:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.18:::::::*
cpe:2.3:a:mozilla:thunderbird:2.0.0.19:::::::*
cpe:2.3:a:mozilla:thunderbird::::::::		3.0.1