Lucene search
RootSSV:20203HistoryOct 26, 2010 - 12:00 a.m.
Mozilla Firefox Modal调用跨域信息泄露漏洞
2010-10-2600:00:00
Root
www.seebug.org
27
0.005 Low
EPSS
Percentile
73.4%
BUGTRAQ ID: 44252
CVE(CAN) ID: CVE-2010-3178
Firefox是一款非常流行的开源WEB浏览器。
如果网页打开了新的窗口并使用javascript: URL执行modal调用,如alert(),且之后将网页导航到了不同的域,则modal调用返回到窗口的打开程序就可以访问所导航到窗口中的对象。这违反了同源策略,允许用户窃取其他网站的敏感信息。
Mozilla Firefox 3.6.x
Mozilla Firefox 3.5.x
Mozilla Thunderbird 3.1.x
Mozilla Thunderbird 3.0.x
Mozilla SeaMonkey < 2.0.9
厂商补丁:
Mozilla
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2010:0782-01)以及相应补丁:
RHSA-2010:0782-01:Critical: firefox security update
链接:https://www.redhat.com/support/errata/RHSA-2010-0782.html
Related
prion
prion
Design/Logic Flaw
2010-10-21 19:00:00
mozilla
mozilla
Cross-site information disclosure via modal calls — Mozilla
2010-10-19 00:00:00
cve
cve
CVE-2010-3178
2010-10-21 19:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-69
2010-10-23 00:00:00
ubuntucve
ubuntucve
CVE-2010-3178
2010-10-19 00:00:00
veracode
veracode
Same-Origin Policy Bypass
2020-04-10 00:50:44
openvas
openvas
Mozilla Products Multiple Vulnerabilities October-10 (Windows)
2010-10-28 00:00:00
Mozilla Products Multiple Vulnerabilities (Oct 2010) - Windows
2010-10-28 00:00:00
Ubuntu Update for thunderbird vulnerabilities USN-998-1
2010-10-22 00:00:00
debian
debian
BSA-010 Security Update for iceweasel
2010-11-02 15:55:32
BSA-010 Security Update for iceweasel
2010-11-02 19:04:50
[SECURITY] [DSA 2124-1] New Xulrunner packages fix several vulnerabilities
2010-11-01 20:38:35
ubuntu
ubuntu
Thunderbird vulnerabilities
2010-10-20 00:00:00
Firefox and Xulrunner vulnerabilities
2010-10-20 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 10.10 : thunderbird vulnerabilities (USN-998-1)
2010-10-21 00:00:00
Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64
2012-08-01 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: galeon-2.0.7-34.fc13
2010-10-27 22:45:51
[SECURITY] Fedora 13 Update: perl-Gtk2-MozEmbed-0.08-6.fc13.18
2010-10-27 22:45:51
[SECURITY] Fedora 13 Update: xulrunner-1.9.2.11-1.fc13
2010-10-27 22:45:51
redhat
redhat
(RHSA-2010:0896) Moderate: thunderbird security update
2010-11-17 00:00:00
(RHSA-2010:0861) Critical: firefox security update
2010-11-10 00:00:00
(RHSA-2010:0782) Critical: firefox security update
2010-10-19 00:00:00
centos
centos
firefox, nss, xulrunner security update
2010-10-20 14:29:05
osv
osv
xulrunner - several vulnerabilities
2010-11-01 00:00:00
oraclelinux
oraclelinux
firefox security update
2010-10-20 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-10-19 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey,MozillaThunderbird
2010-11-08 11:27:17
Firefox update to 31.1esr (important)
2014-09-09 18:04:16
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00