Mozilla Firefox IFRAME Loading Information Disclosure Vulnerability
BID:51053
Info
| Bugtraq ID: | 51053 |
| Class: | Access Validation Error |
| CVE: | CVE-2011-4688 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 06 2011 12:00AM |
| Updated: | Dec 06 2011 12:00AM |
| Credit: | Edward W. Felten and Michael A. Schneider |
| Vulnerable: | Mozilla Firefox 8.0.1, Mozilla Firefox 8.0, Mozilla Firefox 7.0.1, Mozilla Firefox 7.0, Mozilla Firefox 7, Mozilla Firefox 6.0.2, Mozilla Firefox 6.0.1, Mozilla Firefox 6.0, Mozilla Firefox 6, Mozilla Firefox 5.0.1, Mozilla Firefox 5.0, Mozilla Firefox 4.0.1, Mozilla Firefox 4.0 Beta9, Mozilla Firefox 4.0 Beta8, Mozilla Firefox 4.0 Beta7, Mozilla Firefox 4.0 Beta6, Mozilla Firefox 4.0 Beta5, Mozilla Firefox 4.0 Beta4, Mozilla Firefox 4.0 Beta3, Mozilla Firefox 4.0 Beta2, Mozilla Firefox 4.0 Beta12, Mozilla Firefox 4.0 Beta11, Mozilla Firefox 4.0 Beta10, Mozilla Firefox 4.0 Beta1, Mozilla Firefox 4.0 |
| Not Vulnerable: | |
Discussion
Mozilla Firefox is prone to an information-disclosure vulnerability.
An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content.
Successful exploits will allow attackers to enumerate documents in the browser cache. Information obtained may aid in further attacks.
Exploit / POC
An attacker can exploit this issue by enticing an unsuspecting user to visit a crafted site.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
References:
- Mozilla Homepage (Mozilla Foundation)
- Rapid history extraction through non-destructive cache timing (v8) (Michal Zalewski)
- Timing Attacks on Web Privacy (Edward W. Felten and Michael A. Schneider)
- Cisco NX-OS Software TACACS+ Command Authorization Vulnerability (Cisco)