Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
History
21 Nov 2024, 00:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/33184 - Third Party Advisory | |
References | () http://secunia.com/advisories/33188 - Third Party Advisory | |
References | () http://secunia.com/advisories/33189 - Third Party Advisory | |
References | () http://secunia.com/advisories/33203 - Third Party Advisory | |
References | () http://secunia.com/advisories/33204 - Third Party Advisory | |
References | () http://secunia.com/advisories/33205 - Third Party Advisory | |
References | () http://secunia.com/advisories/33216 - Third Party Advisory | |
References | () http://secunia.com/advisories/33231 - Third Party Advisory | |
References | () http://secunia.com/advisories/33232 - Third Party Advisory | |
References | () http://secunia.com/advisories/33408 - Third Party Advisory | |
References | () http://secunia.com/advisories/33415 - Third Party Advisory | |
References | () http://secunia.com/advisories/33421 - Third Party Advisory | |
References | () http://secunia.com/advisories/33433 - Third Party Advisory | |
References | () http://secunia.com/advisories/33434 - Third Party Advisory | |
References | () http://secunia.com/advisories/33523 - Third Party Advisory | |
References | () http://secunia.com/advisories/33547 - Third Party Advisory | |
References | () http://secunia.com/advisories/34501 - Third Party Advisory | |
References | () http://secunia.com/advisories/35080 - Third Party Advisory | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 - Broken Link | |
References | () http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 - Broken Link | |
References | () http://www.debian.org/security/2009/dsa-1696 - Third Party Advisory | |
References | () http://www.debian.org/security/2009/dsa-1697 - Third Party Advisory | |
References | () http://www.debian.org/security/2009/dsa-1704 - Third Party Advisory | |
References | () http://www.debian.org/security/2009/dsa-1707 - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 - Third Party Advisory | |
References | () http://www.mozilla.org/security/announce/2008/mfsa2008-64.html - Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-1036.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-1037.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2009-0002.html - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/32882 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1021427 - Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-690-2 - Third Party Advisory | |
References | () http://www.ubuntu.com/usn/usn-701-1 - Third Party Advisory | |
References | () http://www.ubuntu.com/usn/usn-701-2 - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2009/0977 - Third Party Advisory | |
References | () https://bugzilla.mozilla.org/show_bug.cgi?id=458248 - Issue Tracking, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/47412 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512 - Third Party Advisory | |
References | () https://usn.ubuntu.com/690-1/ - Third Party Advisory | |
References | () https://usn.ubuntu.com/690-3/ - Third Party Advisory |
Information
Published : 2008-12-17 23:30
Updated : 2024-11-21 00:54
NVD link : CVE-2008-5506
Mitre link : CVE-2008-5506
CVE.ORG link : CVE-2008-5506
Products Affected
mozilla
- thunderbird
- firefox
- seamonkey
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls