Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.802583
Kategorie:General
Titel:Mozilla Products IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability (MAC OS X)
Zusammenfassung:The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone; to information disclosure vulnerability.
Beschreibung:Summary:
The host is installed with Mozilla firefox/thunderbird/seamonkey and is prone
to information disclosure vulnerability.

Vulnerability Insight:
The flaw is due to requests made using IPv6 syntax using XMLHttpRequest
objects through a proxy may generate errors depending on proxy configuration
for IPv6. The resulting error messages from the proxy may disclose sensitive
data.

Vulnerability Impact:
Successful exploitation will let attackers to get sensitive information.

Affected Software/OS:
SeaMonkey version before 2.4
Thunderbird version before 3.1.18 and 5.0 through 6.0.
Mozilla Firefox version before 3.6.26 and 4.x through 6.0

Solution:
Upgrade to Mozilla Firefox version 3.6.27 or 7.0 or later.

Upgrade to SeaMonkey version to 2.4 or later.

Upgrade to Thunderbird version to 3.1.18 or 7.0 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: BugTraq ID: 51786
Common Vulnerability Exposure (CVE) ID: CVE-2011-3670
Debian Security Information: DSA-2400 (Google Search)
http://www.debian.org/security/2012/dsa-2400
Debian Security Information: DSA-2402 (Google Search)
http://www.debian.org/security/2012/dsa-2402
Debian Security Information: DSA-2406 (Google Search)
http://www.debian.org/security/2012/dsa-2406
http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14814
SuSE Security Announcement: SUSE-SU-2012:0198 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
SuSE Security Announcement: SUSE-SU-2012:0221 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
SuSE Security Announcement: openSUSE-SU-2012:0234 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
CopyrightCopyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.