CVE - CVE-2008-5506

CVE-ID
CVE-2008-5506	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021427 URL:http://www.securitytracker.com/id?1021427 MISC:256408 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1~~ (Obsolete source) MISC:258748 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1~~ (Obsolete source) MISC:32882 URL:http://www.securityfocus.com/bid/32882 MISC:33184 URL:http://secunia.com/advisories/33184 MISC:33188 URL:http://secunia.com/advisories/33188 MISC:33189 URL:http://secunia.com/advisories/33189 MISC:33203 URL:http://secunia.com/advisories/33203 MISC:33204 URL:http://secunia.com/advisories/33204 MISC:33205 URL:http://secunia.com/advisories/33205 MISC:33216 URL:http://secunia.com/advisories/33216 MISC:33231 URL:http://secunia.com/advisories/33231 MISC:33232 URL:http://secunia.com/advisories/33232 MISC:33408 URL:http://secunia.com/advisories/33408 MISC:33415 URL:http://secunia.com/advisories/33415 MISC:33421 URL:http://secunia.com/advisories/33421 MISC:33433 URL:http://secunia.com/advisories/33433 MISC:33434 URL:http://secunia.com/advisories/33434 MISC:33523 URL:http://secunia.com/advisories/33523 MISC:33547 URL:http://secunia.com/advisories/33547 MISC:34501 URL:http://secunia.com/advisories/34501 MISC:35080 URL:http://secunia.com/advisories/35080 MISC:ADV-2009-0977 URL:~~http://www.vupen.com/english/advisories/2009/0977~~ (Obsolete source) MISC:DSA-1696 URL:http://www.debian.org/security/2009/dsa-1696 MISC:DSA-1697 URL:http://www.debian.org/security/2009/dsa-1697 MISC:DSA-1704 URL:http://www.debian.org/security/2009/dsa-1704 MISC:DSA-1707 URL:http://www.debian.org/security/2009/dsa-1707 MISC:MDVSA-2008:244 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:244~~ (Obsolete source) MISC:MDVSA-2008:245 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:245~~ (Obsolete source) MISC:MDVSA-2009:012 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:012~~ (Obsolete source) MISC:RHSA-2008:1036 URL:http://www.redhat.com/support/errata/RHSA-2008-1036.html MISC:RHSA-2008:1037 URL:http://www.redhat.com/support/errata/RHSA-2008-1037.html MISC:RHSA-2009:0002 URL:http://www.redhat.com/support/errata/RHSA-2009-0002.html MISC:USN-690-1 URL:https://usn.ubuntu.com/690-1/ MISC:USN-690-2 URL:http://www.ubuntu.com/usn/usn-690-2 MISC:USN-690-3 URL:https://usn.ubuntu.com/690-3/ MISC:USN-701-1 URL:http://www.ubuntu.com/usn/usn-701-1 MISC:USN-701-2 URL:http://www.ubuntu.com/usn/usn-701-2 MISC:http://www.mozilla.org/security/announce/2008/mfsa2008-64.html URL:http://www.mozilla.org/security/announce/2008/mfsa2008-64.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=458248 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=458248 MISC:mozilla-xmlhttprequest-302-info-disclosure(47412) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/47412 MISC:oval:org.mitre.oval:def:10512 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512
Assigning CNA
Red Hat, Inc.
Date Record Created
20081212	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081212)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)