Описание
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | released | 3.6.9+build1+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | DNE | |
| karmic | DNE | |
| lucid | released | 3.6.9+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.6.9+build1+nobinonly-0ubuntu1 |
| natty | released | 3.6.9+build1+nobinonly-0ubuntu1 |
| upstream | released | 3.6.9 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | released | 3.6.9+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 3.6.9+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | DNE | |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | released | 3.5.12+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 3.6.9+build1+nobinonly-0ubuntu0.9.10.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | needs-triage | Ubuntu source uses 3.6.x |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 2.0.7+build1+nobinonly-0ubuntu1 |
| hardy | released | 2.0.8+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 2.0.8+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 2.0.8+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 2.0.7+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 2.0.7+build1+nobinonly-0ubuntu1 |
| natty | released | 2.0.7+build1+nobinonly-0ubuntu1 |
| upstream | released | 2.0.7 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 3.1.3+build1+nobinonly-0ubuntu1 |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | released | 3.0.7+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 3.1.3+build1+nobinonly-0ubuntu1 |
| natty | released | 3.1.3+build1+nobinonly-0ubuntu1 |
| upstream | released | 3.0.7, 3.1.3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| hardy | DNE | |
| jaunty | released | 1.9.1.12+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.1.12+build1+nobinonly-0ubuntu0.9.10.2 |
| lucid | DNE | |
| maverick | DNE | |
| natty | DNE | |
| upstream | released | 1.9.1.12 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | released | 1.9.2.9+build1+nobinonly-0ubuntu1 |
| hardy | released | 1.9.2.9+build1+nobinonly-0ubuntu0.8.04.1 |
| jaunty | released | 1.9.2.9+build1+nobinonly-0ubuntu0.9.04.1 |
| karmic | released | 1.9.2.9+build1+nobinonly-0ubuntu0.9.10.1 |
| lucid | released | 1.9.2.9+build1+nobinonly-0ubuntu0.10.04.1 |
| maverick | released | 1.9.2.9+build1+nobinonly-0ubuntu1 |
| natty | released | 1.9.2.9+build1+nobinonly-0ubuntu1 |
| upstream | released | 1.9.2.9 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird befo ...
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
4.3 Medium
CVSS2