CVE-2008-5506

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.x before 3.0.5 Mozilla Firefox versions 2.x before 2.0.0.19 Thunderbird versions 2.x before 2.0.0.19 SeaMonkey versions 1.x before 1.1.14

Description The issue allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, also known as "response disclosure."

Recommendations For Mozilla Firefox versions 3.x before 3.0.5, update to version 3.0.5 or later. For Mozilla Firefox versions 2.x before 2.0.0.19, update to version 2.0.0.19 or later. For Thunderbird versions 2.x before 2.0.0.19, update to version 2.0.0.19 or later. For SeaMonkey versions 1.x before 1.1.14, update to version 1.1.14 or later.