CVE-2008-5012

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 2.x through 2.0.0.17 Thunderbird versions 2.x through 2.0.0.17 SeaMonkey versions 1.x through 1.1.12

Description The issue allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. This can be leveraged to enumerate software on the client by performing redirections related to moz-icon. Multiple vulnerabilities in various Debian GNU/Linux packages may lead to a breach of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Mozilla Firefox versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For Thunderbird versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x through 1.1.12, update to version 1.1.13 or later. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.