CVE ID: | CVE-2022-45411 |
Description: | Cross-Site Tracing occurs when a server echoes a request back via
the Trace method, allowing an XSS attack to access authorization
headers and cookies inaccessible to JavaScript (such as cookies
protected by HTTPOnly). To mitigate this attack, browsers placed
limits on fetch() and XMLHttpRequest; however, some
webservers have implemented non-standard headers such as
X-Http-Method-Override that override the HTTP method and made this
attack possible again. Thunderbird has applied the same mitigations to
the use of this and similar headers. This vulnerability affects
Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
|
Test IDs: | 1.3.6.1.4.1.25623.1.1.4.2022.4085.1 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2022-45411
https://bugzilla.mozilla.org/show_bug.cgi?id=1790311
https://www.mozilla.org/security/advisories/mfsa2022-47/
https://www.mozilla.org/security/advisories/mfsa2022-48/
https://www.mozilla.org/security/advisories/mfsa2022-49/ |