Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2008-0593
Last Modified: 18 Oct 2011 12:00:00
Published: 08 Feb 2008 08:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-0593

Summary

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

Vulnerable Systems

Application

  • Mozilla Firefox 0.2

  • Mozilla Firefox 0.9.2

  • Mozilla Firefox 1.0.2

  • Mozilla Firefox 1.5.0.12

  • Mozilla Firefox 1.5.0.2

  • Mozilla Firefox 1.5.2

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Seamonkey

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.4

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.0.99

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.14

  • Mozilla Seamonkey 1.1.15

  • Mozilla Seamonkey 1.1.16

  • Mozilla Seamonkey 1.1.17

  • Mozilla Seamonkey 1.1.2


References

FEDORA - FEDORA-2008-2118

FEDORA - FEDORA-2008-2060

FEDORA - FEDORA-2008-1535

FEDORA - FEDORA-2008-1459

FEDORA - FEDORA-2008-1435

CONFIRM - https://bugzilla.mozilla.org/show_bug.cgi?id=397427

VUPEN - ADV-2008-1793

VUPEN - ADV-2008-0627

VUPEN - ADV-2008-0453

UBUNTU - USN-576-1

SECTRACK - 1019341

BID - 27683

BUGTRAQ - 20080209 rPSA-2008-0051-1 firefox

REDHAT - RHSA-2008:0105

REDHAT - RHSA-2008:0104

REDHAT - RHSA-2008:0103

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-10.html

MANDRIVA - MDVSA-2008:048

GENTOO - GLSA-200805-18

DEBIAN - DSA-1506

DEBIAN - DSA-1489

DEBIAN - DSA-1485

DEBIAN - DSA-1484

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0051

CONFIRM - http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html

SUNALERT - 238492

SECUNIA - 30620

SECUNIA - 30327

SECUNIA - 29567

SECUNIA - 29167

SECUNIA - 29086

SECUNIA - 29049

SECUNIA - 28958

SECUNIA - 28939

SECUNIA - 28924

SECUNIA - 28879

SECUNIA - 28877

SECUNIA - 28865

SECUNIA - 28864

SECUNIA - 28839

SECUNIA - 28818

SECUNIA - 28815

SECUNIA - 28766

SECUNIA - 28758

SECUNIA - 28754

SUSE - SUSE-SA:2008:008

CONFIRM - http://browser.netscape.com/releasenotes/


Last Updated: 27 May 2016 10:46:52