CVE-2010-2764

CVE-2010-2764 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.

Learn more about our Web App Pen Testing.