CVE-2010-0654

Name	CVE-2010-0654
Description	Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-2075-1, DSA-2124-1
Debian Bugs	570743

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
iceape	source	lenny	(not affected)
iceape	source	(unstable)	2.0.6-1
icedove	source	lenny	(unfixed)	end-of-life
icedove	source	(unstable)	3.0.6-1
iceweasel	source	lenny	(not affected)
iceweasel	source	(unstable)	3.5.11-2
xulrunner	source	lenny	1.9.0.19-6		DSA-2124-1
xulrunner	source	(unstable)	1.9.1.11-1			570743

Notes

[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
[lenny] - iceape <not-affected> (Only a stub package)