CVE-2010-2764 Information

Description

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9 Thunderbird before 3.0.7 and 3.1.x before 3.1.3 and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.

Reference

http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100112690 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http://www.mozilla.org/security/announce/2010/mfsa2010-63.html http://www.securityfocus.com/bid/43104 http://www.vupen.com/english/advisories/2010/2323 http://www.vupen.com/english/advisories/2011/0061 https://bugzilla.mozilla.org/show_bug.cgi?id=552090 https://exchange.xforce.ibmcloud.com/vulnerabilities/61662 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11684