Уязвимость раскрытия информации о внутренних сетевых узлах и локальных сервисах через вредоносные веб-страницы в Mozilla Firefox и Thunderbird
Описание
Используя методы, разработанные на основе исследования slipstream, злоумышленник может посредством вредоносной веб-страницы раскрыть информацию как о внутренних сетевых узлах, так и о сервисах, работающих на локальной машине пользователя.
Затронутые версии ПО
- Firefox версии до 84
- Thunderbird версии до 78.6
- Firefox ESR версии до 78.6
Тип уязвимости
Раскрытие информации
Ссылки
- Permissions Required
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Permissions Required
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
6.1 Medium
CVSS3
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Using techniques that built on the slipstream research, a malicious we ...
Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
ELSA-2020-5624-1: thunderbird security update (IMPORTANT)
EPSS
6.1 Medium
CVSS3
5.8 Medium
CVSS2