Vulnerability allowing a malicious web page to scan the internal network and local services via WebRTC connections in Firefox and Thunderbird
Description
Using techniques that build on the slipstream research, an attacker can create a malicious web page that scans both hosts on the internal network and services running on the user's local machine via WebRTC connections.
Affected software versions
- Firefox ESR versions before 78.9
- Firefox versions before 87
- Thunderbird versions before 78.9
Vulnerability type
Data spoofing via WebRTC connections
References
- Issue Tracking, Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
One of
EPSS
CVSS3: 6.5 Medium
CVSS2: 4.3 Medium
Weaknesses
Related vulnerabilities
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Firefox < 87, and Thunderbird < 78.9.
Using techniques that built on the slipstream research, a malicious webpage could have scanned both an internal network's hosts as well as services running on the user's local machine utilizing WebRTC connections. This vulnerability affects Firefox ESR < 78.9, Thunderbird < 78.9, and Firefox < 87.