PT-2008-6573 · Mozilla+2 · Thunderbird+4
Published
2008-12-17
·
Updated
2024-06-15
·
CVE-2008-5506
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Mozilla Firefox versions 3.x before 3.0.5
Mozilla Firefox versions 2.x before 2.0.0.19
Thunderbird versions 2.x before 2.0.0.19
SeaMonkey versions 1.x before 1.1.14
Description
The issue allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, also known as "response disclosure."
Recommendations
For Mozilla Firefox versions 3.x before 3.0.5, update to version 3.0.5 or later.
For Mozilla Firefox versions 2.x before 2.0.0.19, update to version 2.0.0.19 or later.
For Thunderbird versions 2.x before 2.0.0.19, update to version 2.0.0.19 or later.
For SeaMonkey versions 1.x before 1.1.14, update to version 1.1.14 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Firefox
Red Hat
Seamonkey
Suse
Thunderbird