The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

在Mozilla Firefox 3.0.x时代，在layout/style/nsCSSLoader.cpp中的CSSLoaderImpl::DoSheetComplete函数在将这个stylesheet添加到XUL缓存之前，会更改某些字符串的语序。这可能会允许远程攻击者修改浏览器的字体和其他CSS属性，并通过迫使浏览器执行这个错误的stylesheet缓存来干扰页面的渲染。

NVD 暂无评分

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）