PT-2008-6930 · Mozilla+3 · Firefox+5

Published

1970-01-01

Updated

2024-06-15

CVE-2008-5012

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 2.x through 2.0.0.17 Thunderbird versions 2.x through 2.0.0.17 SeaMonkey versions 1.x through 1.1.12

Description The issue allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. This can be leveraged to enumerate software on the client by performing redirections related to moz-icon. Multiple vulnerabilities in various Debian GNU/Linux packages may lead to a breach of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Mozilla Firefox versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For Thunderbird versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x through 1.1.12, update to version 1.1.13 or later. As a temporary workaround, consider restricting access to sensitive information until the issue is resolved.

Exploit

Fix

Buffer Overflow

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-200CWE-91

Related Identifiers

BDU:2015-02788

BDU:2015-02789

BDU:2015-02790

BDU:2015-02791

BDU:2015-02792

BDU:2015-02793

BDU:2015-02794

BDU:2015-02795

BDU:2015-02796

BDU:2015-02797

CVE-2008-5012

DSA-1669-1

DSA-1671-1

DSA-1696-1

DSA-1697-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10601-1

RHSA-2008:0976

RHSA-2008:0977

RHSA-2008_0976

RHSA-2008_0977

Affected Products

Debian

Firefox

Red Hat

Seamonkey

Suse

Thunderbird

PT-2008-6930 · Mozilla+3 · Firefox+5

CVE-2008-5012

Weakness Enumeration

Related Identifiers

Affected Products

References · 1467