Veracode Vulnerability DatabaseVERACODE:24002Authorization Bypass
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
firefox is vulnerable to authorization bypass. The vulnerability exists as a flaw was found in the Firefox XML document loading security checks. Certain security checks were not being called when an XML document was loaded. This could possibly be leveraged later by an attacker to load certain resources that violate the security policies of the browser or its add-ons. Note that this issue cannot be exploited by only loading an XML document.
References
lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
mozilla.com/en-US/firefox/3.6.4/releasenotes/
mozilla.com/en-US/firefox/3.6/releasenotes/
mozilla.org/security/known-vulnerabilities/firefox35.html
secunia.com/advisories/39397
support.avaya.com/css/P8/documents/100091069
ubuntu.com/usn/usn-921-1
www.mandriva.com/security/advisories?name=MDVSA-2010:070
www.mozilla.org/security/announce/2010/mfsa2010-24.html
www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4
www.redhat.com/security/updates/classification/#critical
www.redhat.com/support/errata/RHSA-2010-0500.html
www.redhat.com/support/errata/RHSA-2010-0501.html
www.securityfocus.com/bid/39479
www.vupen.com/english/advisories/2010/0748
www.vupen.com/english/advisories/2010/0849
www.vupen.com/english/advisories/2010/1557
access.redhat.com/errata/RHSA-2010:0501
bugzilla.mozilla.org/show_bug.cgi?id=490790
exchange.xforce.ibmcloud.com/vulnerabilities/57396
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7618
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9375
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N