CVE-2008-1238

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 2.0.0.13 SeaMonkey versions prior to 1.1.9

Description The issue makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as some Cross-Site Request Forgery (CSRF) mechanisms, by not listing the entire URL when it contains Basic Authentication credentials without a username.

Recommendations For Mozilla Firefox versions prior to 2.0.0.13, update to version 2.0.0.13 or later. For SeaMonkey versions prior to 1.1.9, update to version 1.1.9 or later.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2008-1238

DSA-1532-1

DSA-1534-1

DSA-1534-2

DSA-1535-1

RHSA-2008:0207

RHSA-2008:0208

RHSA-2008:0209

RHSA-2008_0207

RHSA-2008_0208

RHSA-2008_0209

Affected Products

Firefox

Red Hat

Seamonkey

CVE-2008-1238

Weakness Enumeration

Related Identifiers

Affected Products

References · 48