← voltar
CVE-2010-0179

CVE-2010-0179

EPSS 3.2%
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=504021http://secunia.com/advisories/3924http://secunia.com/advisories/39243http://secunia.com/advisories/39308http://secunia.com/advisories/39397http://secunia.com/advisories/42818http://securitytracker.com/id?1023783https://exchange.xforce.ibmcloud.com/vulnerabilities/57394https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6971https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9446