Cross-Site Tracing vulnerability in Firefox ESR, Thunderbird and Firefox via incorrect handling of HTTP headers
Description
Cross-Site Tracing (XST) occurs when a server echoes a request back via the TRACE method, allowing an XSS attack to read authorization headers and cookies that are inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers place limits on the methods usable from fetch() and XMLHttpRequest. However, some web servers implement non-standard headers such as X-Http-Method-Override, which can bypass these limits and make the attack possible again. Thunderbird applies the same mitigations to the use of this and similar headers.
Affected software versions
- Firefox ESR versions below 102.5
- Thunderbird versions below 102.5
- Firefox versions below 107
Vulnerability type
Cross-site scripting (XSS)
CVSS3: 6.1 Medium
Related vulnerabilities
Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript (such as cookies protected by HTTPOnly). To mitigate this attack, browsers placed limits on fetch() and XMLHttpRequest; however, some webservers have implemented non-standard headers such as X-Http-Method-Override that override the HTTP method, and made this attack possible again. Thunderbird has applied the same mitigations to the use of this and similar headers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
A vulnerability in the implementation of the Trace method in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird mail client, allowing an attacker to carry out a cross-site scripting (XSS) attack
CVSS3: 6.1 Medium