
Microsoft XML Core Services XMLHttpRequest SetCookie2 Header Information Disclosure Vulnerability

Published: 19 Feb 2009 00:00:00
Reported by: Root
Type: seebug
Source: www.seebug.org


Related

| Reporter | Title | Published | Family |
| --- | --- | --- | --- |
| CVE | CVE-2009-0419 | 4 Feb 2009 19:00 | cve |
| Cvelist | CVE-2009-0419 | 4 Feb 2009 19:00 | cvelist |
| NVD | CVE-2009-0419 | 4 Feb 2009 19:30 | nvd |
| OpenVAS | Microsoft XML Core Service Information Disclosure Vulnerability | 18 Feb 2009 00:00 | openvas |
| OpenVAS | Microsoft XML Core Service Information Disclosure Vulnerability | 18 Feb 2009 00:00 | openvas |
| Prion | Design/Logic Flaw | 4 Feb 2009 19:30 | prion |

Code

                                                +<html>
+<!--
+https://bugzilla.mozilla.org/show_bug.cgi?id=380418
+-->
+<head>
+  <title>Test for Bug 380418</title>
+  <script type="text/javascript" src="/MochiKit/MochiKit.js"></script>
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=380418">Mozilla Bug 380418</a>
+<p id="display"></p>
+<div id="content" style="display: none">
+  
+</div>
+<pre id="test">
+<script class="testbody" type="text/javascript">
+
+/** Test for Bug 380418 **/
+
+SimpleTest.waitForExplicitFinish();
+
+var request = new XMLHttpRequest();
+request.open("GET", window.location.href, false);
+request.send(null);
+
+// Add fake Set-Cookie and X-Dummy response headers
+netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect UniversalBrowserRead");
+var channel = request.channel.QueryInterface(Components.interfaces.nsIHttpChannel);
+channel.setResponseHeader("Set-Cookie", "test", false);
+channel.setResponseHeader("X-Dummy", "test", false);
+
+// Try reading headers in privileged context
+is(request.getResponseHeader("Set-Cookie"), "test", "Reading Set-Cookie response header in privileged context");
+is(request.getResponseHeader("X-Dummy"), "test", "Reading X-Dummy response header in privileged context");
+
+ok(/\bSet-Cookie:/i.test(request.getAllResponseHeaders()), "Looking for Set-Cookie in all response headers in privileged context");
+ok(/\bX-Dummy:/i.test(request.getAllResponseHeaders()), "Looking for X-Dummy in all response headers in privileged context");
+
+// Try reading headers in unprivileged context
+setTimeout(function() {
+  is(request.getResponseHeader("Set-Cookie"), null, "Reading Set-Cookie response header in unprivileged context");
+  is(request.getResponseHeader("X-Dummy"), "test", "Reading X-Dummy response header in unprivileged context");
+  
+  ok(!/\bSet-Cookie:/i.test(request.getAllResponseHeaders()), "Looking for Set-Cookie in all response headers in unprivileged context");
+  ok(/\bX-Dummy:/i.test(request.getAllResponseHeaders()), "Looking for X-Dummy in all response headers in unprivileged context");
+
+  SimpleTest.finish();
+}, 0);
+
+</script>
+</pre>
+</body>
+</html>
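
Review bot: The unprivileged-context checks in the setTimeout callback cover only Set-Cookie; no Set-Cookie2 header is ever set on the channel or asserted on, and the pattern /\bSet-Cookie:/i run against getAllResponseHeaders() cannot match a "Set-Cookie2:" line, so an implementation that hides Set-Cookie but still exposes Set-Cookie2 to page script would pass this test. Suggest adding channel.setResponseHeader("Set-Cookie2", "test", false) next to the two existing fake headers and mirroring the four Set-Cookie assertions (getResponseHeader and getAllResponseHeaders, privileged and unprivileged) for it. A lower-case lookup such as getResponseHeader("set-cookie") in the callback would also confirm the filter is case-insensitive, and a short comment saying why the setTimeout(..., 0) callback counts as the unprivileged context would help, since the second half of the test depends on it.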

                              
