CVE-2002-2436

Description

The Cascading Style Sheets (CSS) implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Affected products

• Mozilla / Firefox3.6.24
• Mozilla / Firefox3.0 – 3.0
• Mozilla / Firefox3.0.1 – 3.0.1
• Mozilla / Firefox3.0.2 – 3.0.2
• Mozilla / Firefox3.0.3 – 3.0.3
• Mozilla / Firefox3.0.4 – 3.0.4
• Mozilla / Firefox3.0.5 – 3.0.5
• Mozilla / Firefox3.0.6 – 3.0.6
• Mozilla / Firefox3.0.7 – 3.0.7
• Mozilla / Firefox3.0.8 – 3.0.8
• Mozilla / Firefox3.0.9 – 3.0.9
• Mozilla / Firefox3.0.10 – 3.0.10
• Mozilla / Firefox3.0.11 – 3.0.11
• Mozilla / Firefox3.0.12 – 3.0.12
• Mozilla / Firefox3.0.13 – 3.0.13
• Mozilla / Firefox3.0.14 – 3.0.14
• Mozilla / Firefox3.0.15 – 3.0.15
• Mozilla / Firefox3.0.16 – 3.0.16
• Mozilla / Firefox3.0.17 – 3.0.17
• Mozilla / Firefox3.5 – 3.5
• Mozilla / Firefox3.5.1 – 3.5.1
• Mozilla / Firefox3.5.2 – 3.5.2
• Mozilla / Firefox3.5.3 – 3.5.3
• Mozilla / Firefox3.5.4 – 3.5.4
• Mozilla / Firefox3.5.5 – 3.5.5
• Mozilla / Firefox3.5.6 – 3.5.6
• Mozilla / Firefox3.5.7 – 3.5.7
• Mozilla / Firefox3.5.8 – 3.5.8
• Mozilla / Firefox3.5.9 – 3.5.9
• Mozilla / Firefox3.5.10 – 3.5.10
• Mozilla / Firefox3.5.11 – 3.5.11
• Mozilla / Firefox3.5.12 – 3.5.12
• Mozilla / Firefox3.5.13 – 3.5.13
• Mozilla / Firefox3.5.14 – 3.5.14
• Mozilla / Firefox3.5.15 – 3.5.15
• Mozilla / Firefox3.6 – 3.6
• Mozilla / Firefox3.6.1 – 3.6.1
• Mozilla / Firefox3.6.2 – 3.6.2
• Mozilla / Firefox3.6.3 – 3.6.3
• Mozilla / Firefox3.6.4 – 3.6.4
• Mozilla / Firefox3.6.6 – 3.6.6
• Mozilla / Firefox3.6.7 – 3.6.7
• Mozilla / Firefox3.6.8 – 3.6.8
• Mozilla / Firefox3.6.9 – 3.6.9
• Mozilla / Firefox3.6.10 – 3.6.10
• Mozilla / Firefox3.6.11 – 3.6.11
• Mozilla / Firefox3.6.12 – 3.6.12
• Mozilla / Firefox3.6.13 – 3.6.13
• Mozilla / Firefox3.6.14 – 3.6.14
• Mozilla / Firefox3.6.15 – 3.6.15
• Mozilla / Firefox3.6.16 – 3.6.16
• Mozilla / Firefox3.6.17 – 3.6.17
• Mozilla / Firefox3.6.18 – 3.6.18
• Mozilla / Firefox3.6.19 – 3.6.19
• Mozilla / Firefox3.6.20 – 3.6.20
• Mozilla / Firefox3.6.21 – 3.6.21
• Mozilla / Firefox3.6.22 – 3.6.22
• Mozilla / Firefox3.6.23 – 3.6.23
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey1.1.18 – 1.1.18
• Mozilla / seamonkey1.1.19 – 1.1.19
• Mozilla / seamonkey1.5.0.8 – 1.5.0.8
• Mozilla / seamonkey1.5.0.9 – 1.5.0.9
• Mozilla / seamonkey1.5.0.10 – 1.5.0.10
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0 – 2.0
• Mozilla / seamonkey2.0.1 – 2.0.1
• Mozilla / seamonkey2.0.2 – 2.0.2
• Mozilla / seamonkey2.0.3 – 2.0.3
• Mozilla / seamonkey2.0.4 – 2.0.4
• Mozilla / seamonkey2.0.5 – 2.0.5
• Mozilla / seamonkey2.0.6 – 2.0.6
• Mozilla / seamonkey2.0.7 – 2.0.7
• Mozilla / seamonkey2.0.8 – 2.0.8
• Mozilla / seamonkey2.0.9 – 2.0.9
• Mozilla / seamonkey2.0.10 – 2.0.10
• Mozilla / seamonkey2.0.11 – 2.0.11
• Mozilla / seamonkey2.0.12 – 2.0.12
• Mozilla / seamonkey2.0.13 – 2.0.13
• Mozilla / seamonkey2.0.14 – 2.0.14
• Mozilla / seamonkey2.0a1 – 2.0a1
• Mozilla / seamonkey2.1 – 2.1
• Mozilla / seamonkey2.1
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0 – 1.0
• Mozilla / seamonkey1.0.1 – 1.0.1
• Mozilla / seamonkey1.0.2 – 1.0.2
• Mozilla / seamonkey1.0.3 – 1.0.3
• Mozilla / seamonkey1.0.4 – 1.0.4
• Mozilla / seamonkey1.0.5 – 1.0.5
• Mozilla / seamonkey1.0.6 – 1.0.6
• Mozilla / seamonkey1.0.7 – 1.0.7
• Mozilla / seamonkey1.0.8 – 1.0.8
• Mozilla / seamonkey1.0.9 – 1.0.9
• Mozilla / seamonkey1.1 – 1.1
• Mozilla / seamonkey1.1 – 1.1
• Mozilla / seamonkey1.1 – 1.1
• Mozilla / seamonkey1.1.1 – 1.1.1
• Mozilla / seamonkey1.1.2 – 1.1.2
• Mozilla / seamonkey1.1.3 – 1.1.3
• Mozilla / seamonkey1.1.4 – 1.1.4
• Mozilla / seamonkey1.1.5 – 1.1.5
• Mozilla / seamonkey1.1.6 – 1.1.6
• Mozilla / seamonkey1.1.7 – 1.1.7
• Mozilla / seamonkey1.1.8 – 1.1.8
• Mozilla / seamonkey1.1.9 – 1.1.9
• Mozilla / seamonkey1.1.10 – 1.1.10
• Mozilla / seamonkey1.1.11 – 1.1.11
• Mozilla / seamonkey1.1.12 – 1.1.12
• Mozilla / seamonkey1.1.13 – 1.1.13
• Mozilla / seamonkey1.1.14 – 1.1.14
• Mozilla / seamonkey1.1.15 – 1.1.15
• Mozilla / seamonkey1.1.16 – 1.1.16
• Mozilla / seamonkey1.1.17 – 1.1.17
• Mozilla / Thunderbird3.0 – 3.0
• Mozilla / Thunderbird3.0.1 – 3.0.1
• Mozilla / Thunderbird3.0.2 – 3.0.2
• Mozilla / Thunderbird3.0.3 – 3.0.3
• Mozilla / Thunderbird3.0.4 – 3.0.4
• Mozilla / Thunderbird3.0.5 – 3.0.5
• Mozilla / Thunderbird3.0.6 – 3.0.6
• Mozilla / Thunderbird3.0.7 – 3.0.7
• Mozilla / Thunderbird3.0.8 – 3.0.8
• Mozilla / Thunderbird3.0.9 – 3.0.9
• Mozilla / Thunderbird3.0.10 – 3.0.10
• Mozilla / Thunderbird3.0.11 – 3.0.11
• Mozilla / Thunderbird3.1 – 3.1
• Mozilla / Thunderbird3.1.1 – 3.1.1
• Mozilla / Thunderbird3.1.2 – 3.1.2
• Mozilla / Thunderbird3.1.3 – 3.1.3
• Mozilla / Thunderbird3.1.4 – 3.1.4
• Mozilla / Thunderbird3.1.5 – 3.1.5
• Mozilla / Thunderbird3.1.6 – 3.1.6
• Mozilla / Thunderbird3.1.7 – 3.1.7
• Mozilla / Thunderbird3.1.8 – 3.1.8
• Mozilla / Thunderbird3.1.9 – 3.1.9
• Mozilla / Thunderbird3.1.10 – 3.1.10
• Mozilla / Thunderbird3.1.11 – 3.1.11
• Mozilla / Thunderbird3.1.12 – 3.1.12
• Mozilla / Thunderbird3.1.13 – 3.1.13
• Mozilla / Thunderbird3.1.14 – 3.1.14
• Mozilla / Thunderbird3.1.15 – 3.1.15
• Mozilla / Thunderbird3.1.16

References

• MISChttp://blog.mozilla.com/security/2010/03/31/plugging-the-css-history-leak/
• MISChttp://w2spconf.com/2010/papers/p26.pdf
• MISChttp://bugzilla.mozilla.org/show_bug.cgi?id=147777
• MISChttps://developer.mozilla.org/en/CSS/Privacy_and_the_:visited_selector
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/71816