Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability

Bugtraq ID:	38922
Class:	Design Error
CVE:	CVE-2010-0169
Remote:	Yes
Local:	No
Published:	Mar 23 2010 12:00AM
Updated:	Mar 23 2010 12:00AM
Credit:	Wladimir Palant
Vulnerable:	Mozilla Thunderbird 3.0.1 Mozilla Thunderbird 3.0 Mozilla SeaMonkey 2.0.2 Mozilla SeaMonkey 2.0.1 Mozilla SeaMonkey 2.0 Mozilla Firefox 3.5.7 Mozilla Firefox 3.5.6 Mozilla Firefox 3.5.5 Mozilla Firefox 3.5.4 Mozilla Firefox 3.5.3 Mozilla Firefox 3.5.2 Mozilla Firefox 3.5.1 Mozilla Firefox 3.5 Mozilla Firefox 3.0.17 Mozilla Firefox 3.0.16 Mozilla Firefox 3.0.15 Mozilla Firefox 3.0.14 Mozilla Firefox 3.0.13 Mozilla Firefox 3.0.12 Mozilla Firefox 3.0.11 Mozilla Firefox 3.0.10 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Beta Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 3.6 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0
Not Vulnerable:	Mozilla Thunderbird 3.0.2 Mozilla SeaMonkey 2.0.3 Mozilla Firefox 3.6.2 Mozilla Firefox 3.5.8 Mozilla Firefox 3.0.18

Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability

Mozilla Firefox is prone to a vulnerability that may allow attackers to modify browser settings.

This issue was previously documented in BID 38918 (Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities) but has been given its own record to better document it.

Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability

The attacker needs to entice a user to visit a malicious website.

Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability

Solution:
The vendor released an advisory and updates to address this issue. Please see the references for details.

Mozilla Firefox Cached XUL Stylesheets Security Bypass Vulnerability

References:

• Bug 535806 - (CVE-2010-0169) XUL cache lets HTML and XUL share stylesheets (Mozilla)
  
• Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco)
  
• Mozilla Foundation Security Advisory 2010-14 (Mozilla)