Lucene search

K

MitreCVELIST:CVE-2010-2764

HistorySep 09, 2010 - 6:00 p.m.

CVE-2010-2764

2010-09-0918:00:00

mitre

www.cve.org

8.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.

References

blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox

lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html

lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html

secunia.com/advisories/42867

support.avaya.com/css/P8/documents/100112690

www.mandriva.com/security/advisories?name=MDVSA-2010:173

www.mozilla.org/security/announce/2010/mfsa2010-63.html

www.securityfocus.com/bid/43104

www.vupen.com/english/advisories/2010/2323

www.vupen.com/english/advisories/2011/0061

bugzilla.mozilla.org/show_bug.cgi?id=552090

exchange.xforce.ibmcloud.com/vulnerabilities/61662

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11684

8.4 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

Related for CVELIST:CVE-2010-2764

veracode1 nvd1 mozilla1 securityvulns2 prion1 ubuntucve1 cve1 openvas41 ubuntu4 nessus47 fedora7 debian2 redhat1 oraclelinux1 centos1 freebsd1 suse3 gentoo1