Описание
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.7.12-1.1ubuntu2 |
| devel | DNE | |
| edgy | released | 1.7.12-1.1ubuntu2 |
| feisty | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:in ...
Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.
EPSS
5 Medium
CVSS2