Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2010-2764

Date: September 9, 2010

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.

Severity Score

Related Resources (17)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:173
http://www.vupen.com/english/advisories/2010/2323
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/61662
http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox
http://www.vupen.com/english/advisories/2011/0061
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11684
http://www.securityfocus.com/bid/43104
http://www.mozilla.org/security/announce/2010/mfsa2010-63.html
https://access.redhat.com/security/cve/CVE-2010-2764
https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2764
http://support.avaya.com/css/P8/documents/100112690
https://nvd.nist.gov/vuln/detail/CVE-2010-2764
http://secunia.com/advisories/42867
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html
https://bugzilla.mozilla.org/show_bug.cgi?id=552090
https://www.mend.io/vulnerability-database/CVE-2010-2764

Severity Score

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us