Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5508

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.

Published

2008-12-17T23:30:00.593

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 2.0.0.19	Yes
Application	mozilla	firefox	< 3.0.5	Yes
Application	mozilla	seamonkey	< 1.1.14	Yes
Application	mozilla	thunderbird	< 2.0.0.19	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes

References

http://secunia.com/advisories/33184 Third Party Advisory ([email protected])
http://secunia.com/advisories/33188 Third Party Advisory ([email protected])
http://secunia.com/advisories/33189 Third Party Advisory ([email protected])
http://secunia.com/advisories/33203 Third Party Advisory ([email protected])
http://secunia.com/advisories/33204 Third Party Advisory ([email protected])
http://secunia.com/advisories/33205 Third Party Advisory ([email protected])
http://secunia.com/advisories/33216 Third Party Advisory ([email protected])
http://secunia.com/advisories/33231 Third Party Advisory ([email protected])
http://secunia.com/advisories/33408 Third Party Advisory ([email protected])
http://secunia.com/advisories/33415 Third Party Advisory ([email protected])
http://secunia.com/advisories/33421 Third Party Advisory ([email protected])
http://secunia.com/advisories/33433 Third Party Advisory ([email protected])
http://secunia.com/advisories/33434 Third Party Advisory ([email protected])
http://secunia.com/advisories/33523 Third Party Advisory ([email protected])
http://secunia.com/advisories/33547 Third Party Advisory ([email protected])
http://secunia.com/advisories/34501 Third Party Advisory ([email protected])
http://secunia.com/advisories/35080 Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1704 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021426 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-2 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=425046 Issue Tracking, Vendor Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=460803 Issue Tracking, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/47414 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040 Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-1/ Third Party Advisory ([email protected])
http://secunia.com/advisories/33184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33189 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33204 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33205 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33231 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33415 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33421 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33433 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33434 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33523 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33547 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35080 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1704 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-66.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021426 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=425046 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=460803 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47414 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11040 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)