CVE-2010-2764
CVE-2010-2764
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefoxhttp://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=552090http://secunia.com/advisories/42867https://exchange.xforce.ibmcloud.com/vulnerabilities/61662https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11684http://support.avaya.com/css/P8/documents/100112690http://www.mandriva.com/security/advisories?name=MDVSA-2010:173http://www.mozilla.org/security/announce/2010/mfsa2010-63.htmlhttp://www.securityfocus.com/bid/43104http://www.vupen.com/english/advisories/2010/2323