Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."

Published

2008-12-17T23:30:00.563

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 2.0.0.19	Yes
Application	mozilla	firefox	< 3.0.5	Yes
Application	mozilla	seamonkey	< 1.1.14	Yes
Application	mozilla	thunderbird	< 2.0.0.19	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes

References

http://secunia.com/advisories/33184 Third Party Advisory ([email protected])
http://secunia.com/advisories/33188 Third Party Advisory ([email protected])
http://secunia.com/advisories/33189 Third Party Advisory ([email protected])
http://secunia.com/advisories/33203 Third Party Advisory ([email protected])
http://secunia.com/advisories/33204 Third Party Advisory ([email protected])
http://secunia.com/advisories/33205 Third Party Advisory ([email protected])
http://secunia.com/advisories/33216 Third Party Advisory ([email protected])
http://secunia.com/advisories/33231 Third Party Advisory ([email protected])
http://secunia.com/advisories/33232 Third Party Advisory ([email protected])
http://secunia.com/advisories/33408 Third Party Advisory ([email protected])
http://secunia.com/advisories/33415 Third Party Advisory ([email protected])
http://secunia.com/advisories/33421 Third Party Advisory ([email protected])
http://secunia.com/advisories/33433 Third Party Advisory ([email protected])
http://secunia.com/advisories/33434 Third Party Advisory ([email protected])
http://secunia.com/advisories/33523 Third Party Advisory ([email protected])
http://secunia.com/advisories/33547 Third Party Advisory ([email protected])
http://secunia.com/advisories/34501 Third Party Advisory ([email protected])
http://secunia.com/advisories/35080 Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1704 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021427 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-2 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=458248 Issue Tracking, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/47412 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512 Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-3/ Third Party Advisory ([email protected])
http://secunia.com/advisories/33184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33189 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33204 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33205 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33231 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33232 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33415 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33421 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33433 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33434 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33523 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33547 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35080 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1704 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-64.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021427 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=458248 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47412 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-3/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)