Mozilla Firefox 3.6 – Image Preloading Content-Policy Check Security Bypass

Exploit Database
65 阅读

作者： Josh Soref

日期： 2010-03-18
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/33798/

source: https://www.securityfocus.com/bid/38927/info

Mozilla Firefox is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass content-loading policies.

Attackers can exploit this issue to bypass content-loading policies. The impact of this issue will depend on the reasons behind the content check. Consequences may include cross-site request-forgery attacks, denial-of-service conditions, and possibly remote code execution.

Mozilla Firefox 3.6 is vulnerable.

NOTE: This issue was previously covered in BID 38918 (Mozilla Firefox Thunderbird and Seamonkey MFSA 2010-09 through -15 Multiple Vulnerabilities) but has been assigned its own record to better document it.

<img src="file:///dev/tty">

last Exploits
Mozilla Firefox 3.6 – Image Preloading Content-Policy Check Security Bypass的更多信息

Endian Firewall < 3.0.0 - OS Command Injection：
Squash – YAML Code Execution (Metasploit)：
Serenity Audio Player 3.2.3 – ‘.m3u’ Remote Buffer Overflow (Metasploit)：
CA BrightStor ARCserve License Service – ‘GCR NETWORK’ Remote Buffer Overflow (Metasploit)：
WebKit 1.2.x – Local Webpage Cross Domain Information Disclosure：
Zemra Botnet (C2 Web Panel) – Remote Code Execution (Metasploit)：
NetTransport Download Manager 2.90.510 – Remote Overflow (SEH)：
HTTP File Server 2.2 – Security Bypass / Denial of Service：