Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2010-2754

Опубликовано: 20 июл. 2010
Источник: redhat
CVSS2: 5.1

Описание

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6firefoxAffected
Red Hat Enterprise Linux Extended Update Support 4.8firefoxAffected
Red Hat Enterprise Linux Extended Update Support 5.5firefoxAffected
Red Hat Enterprise Linux 3seamonkeyFixedRHSA-2010:054621.07.2010
Red Hat Enterprise Linux 4thunderbirdFixedRHSA-2010:054421.07.2010
Red Hat Enterprise Linux 4seamonkeyFixedRHSA-2010:054621.07.2010
Red Hat Enterprise Linux 4firefoxFixedRHSA-2010:054721.07.2010
Red Hat Enterprise Linux 5thunderbirdFixedRHSA-2010:054521.07.2010
Red Hat Enterprise Linux 5firefoxFixedRHSA-2010:054721.07.2010
Red Hat Enterprise Linux 5xulrunnerFixedRHSA-2010:054721.07.2010

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=615488Mozilla Cross-origin data leakage from script filename in error messages

5.1 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2010-2754

ubuntu
около 15 лет назад

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

nvd логотип

CVE-2010-2754

nvd
около 15 лет назад

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

debian логотип

CVE-2010-2754

debian
около 15 лет назад

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 an ...

github логотип

GHSA-whp6-g3v5-mxmh

github
около 3 лет назад

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.

oracle-oval логотип

ELSA-2010-0547

oracle-oval
около 15 лет назад

ELSA-2010-0547: firefox security update (CRITICAL)

5.1 Medium

CVSS2