Уязвимость раскрытия информации об узлах внутренней сети и локальных сервисах через вредоносную веб-страницу в Mozilla Firefox
Описание
Разработанные методы на основе исследования slipstream в сочетании с вредоносной веб-страницей способны раскрывать информацию об узлах внутренней сети и сервисах, работающих на локальной машине пользователя.
Затронутые версии ПО
- Mozilla Firefox релизов до версии 85
Тип уязвимости
Раскрытие информации
Ссылки
- Issue TrackingPermissions RequiredVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Issue TrackingPermissions RequiredVendor Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
7.4 High
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
Further techniques that built on the slipstream research combined with ...
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
Уязвимость браузера Mozilla Firefox, связанная с раскрытием информации, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7.4 High
CVSS3
4.3 Medium
CVSS2