Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5507

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-5507
Last Modified 30 Oct 2012 11:07:53
Published 17 Dec 2008 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-5507

Summary

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0

  • Mozilla Firefox 2.0.0.1

  • Mozilla Firefox 2.0.0.10

  • Mozilla Firefox 2.0.0.11

  • Mozilla Firefox 2.0.0.12

  • Mozilla Firefox 2.0.0.13

  • Mozilla Firefox 2.0.0.14

  • Mozilla Firefox 2.0.0.15

  • Mozilla Firefox 2.0.0.16

  • Mozilla Firefox 2.0.0.17

  • Mozilla Firefox 2.0.0.18

  • Mozilla Firefox 2.0.0.2

  • Mozilla Firefox 2.0.0.3

  • Mozilla Firefox 2.0.0.4

  • Mozilla Firefox 2.0.0.5

  • Mozilla Firefox 2.0.0.6

  • Mozilla Firefox 2.0.0.7

  • Mozilla Firefox 2.0.0.8

  • Mozilla Firefox 2.0.0.9

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3

  • Mozilla Firefox 3.0.4

  • Mozilla Seamonkey 1.0

  • Mozilla Seamonkey 1.0.1

  • Mozilla Seamonkey 1.0.2

  • Mozilla Seamonkey 1.0.3

  • Mozilla Seamonkey 1.0.5

  • Mozilla Seamonkey 1.0.6

  • Mozilla Seamonkey 1.0.7

  • Mozilla Seamonkey 1.0.8

  • Mozilla Seamonkey 1.0.9

  • Mozilla Seamonkey 1.1

  • Mozilla Seamonkey 1.1.1

  • Mozilla Seamonkey 1.1.10

  • Mozilla Seamonkey 1.1.11

  • Mozilla Seamonkey 1.1.12

  • Mozilla Seamonkey 1.1.13

  • Mozilla Seamonkey 1.1.2

  • Mozilla Seamonkey 1.1.3

  • Mozilla Seamonkey 1.1.4

  • Mozilla Seamonkey 1.1.5

  • Mozilla Seamonkey 1.1.6

  • Mozilla Seamonkey 1.1.7

  • Mozilla Seamonkey 1.1.8

  • Mozilla Seamonkey 1.1.9

  • Mozilla Thunderbird 2.0.0.0

  • Mozilla Thunderbird 2.0.0.12

  • Mozilla Thunderbird 2.0.0.14

  • Mozilla Thunderbird 2.0.0.16

  • Mozilla Thunderbird 2.0.0.17

  • Mozilla Thunderbird 2.0.0.18

  • Mozilla Thunderbird 2.0.0.4

  • Mozilla Thunderbird 2.0.0.5

  • Mozilla Thunderbird 2.0.0.6

  • Mozilla Thunderbird 2.0.0.9


References

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=461735

XF - mozilla-javascripturl-infor-disclosure(47413)

VUPEN - ADV-2009-0977

UBUNTU - USN-690-3

UBUNTU - USN-690-1

UBUNTU - USN-690-2

SECTRACK - 1021423

BID - 32882

BUGTRAQ - 20081218 Firefox cross-domain text theft (CESA-2008-011)

REDHAT - RHSA-2009:0002

REDHAT - RHSA-2008:1037

REDHAT - RHSA-2008:1036

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-65.html

MANDRIVA - MDVSA-2009:012

MANDRIVA - MDVSA-2008:245

MANDRIVA - MDVSA-2008:244

DEBIAN - DSA-1707

DEBIAN - DSA-1704

DEBIAN - DSA-1697

DEBIAN - DSA-1696

SUNALERT - 258748

SUNALERT - 256408

SECUNIA - 35080

SECUNIA - 34501

SECUNIA - 33547

SECUNIA - 33523

SECUNIA - 33434

SECUNIA - 33433

SECUNIA - 33421

SECUNIA - 33232

SECUNIA - 33231

SECUNIA - 33216

SECUNIA - 33205

SECUNIA - 33204

SECUNIA - 33203

SECUNIA - 33189

SECUNIA - 33188

SECUNIA - 33184

MISC - http://scary.beasts.org/security/CESA-2008-011.html

UBUNTU - USN-701-2

UBUNTU - USN-701-1

SECUNIA - 33415

SECUNIA - 33408

Related Patches

Novell SUSE 2008:5889 epiphany security update for SLE 10 SP2 i586

Mozilla Firefox 2.0.0.20 for Windows (Update)


Last Updated: 27 May 2016 10:49:48