Oval Definition:oval:org.mitre.oval:def:11770
Revision Date:2014-10-06Version:35
Title:Mozilla Firefox, Thunderbird, and SeaMonkey Cross-origin data leakage from script filename in error messages
Description:dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2010-2754
Platform(s):Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Mozilla Firefox
Mozilla SeaMonkey
Mozilla Thunderbird
Definition Synopsis
  • Check for vulnerable Firefox
  • Mozilla Firefox Mainline release is installed
  • AND Check for vulnerable version
  • Mozilla Firefox Mainline version is 3.5.x before 3.5.11
  • OR Mozilla Firefox Mainline version is 3.6.x before 3.6.7
  • OR Check for vulnerable SeaMonkey
  • Mozilla Seamonkey is installed
  • AND Mozilla Seamonkey version less than 2.0.6
  • OR Check for vulnerable Thunderbird
  • Mozilla Thunderbird Mainline release is installed
  • AND Thunderbird version is 3.0.x before 3.0.6 or 3.1.x before 3.1.1
  • Mozilla Thunderbird 3.0.x before 3.0.6
  • OR Mozilla Thunderbird 3.1.x before 3.1.1
    • BACK