What is the severity of CVE-2008-5012?

CVE-2008-5012 has a moderate severity level, allowing attackers to bypass the same origin policy.

How do I fix CVE-2008-5012?

To fix CVE-2008-5012, upgrade to a version of Firefox, Thunderbird, or SeaMonkey that is 2.0.0.18 or later, or apply patches provided by your vendor.

What types of applications are affected by CVE-2008-5012?

CVE-2008-5012 affects Mozilla Firefox 2.x, Thunderbird 2.x, and SeaMonkey 1.x prior to the specified fixed versions.

Can CVE-2008-5012 lead to data exposure?

Yes, CVE-2008-5012 can potentially lead to exposure of sensitive data by allowing unauthorized access to images from untrusted sources.

What can attackers gain from exploiting CVE-2008-5012?

Attackers exploiting CVE-2008-5012 can gain the ability to access and manipulate images that should be restricted by the same origin policy.

Vulnerability/
CVE-2008-5012

medium

CWE

200

13/11/2008

7/8/2024

CVE-2008-5012: Infoleak

First published: Thu Nov 13 2008(Updated: )

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Mozilla Firefox	<=2.0.0.17
Mozilla Firefox	=0.8
Mozilla Firefox	=0.9
Mozilla Firefox	=0.9-rc
Mozilla Firefox	=0.9.1
Mozilla Firefox	=0.9.2
Mozilla Firefox	=0.9.3
Mozilla Firefox	=0.9_rc
Mozilla Firefox	=0.10
Mozilla Firefox	=0.10.1
Mozilla Firefox	=1.0
Mozilla Firefox	=1.0.1
Mozilla Firefox	=1.0.2
Mozilla Firefox	=1.0.3
Mozilla Firefox	=1.0.4
Mozilla Firefox	=1.0.5
Mozilla Firefox	=1.0.6
Mozilla Firefox	=1.0.6
Mozilla Firefox	=1.0.7
Mozilla Firefox	=1.0.8
Mozilla Firefox	=1.5
Mozilla Firefox	=1.5-beta1
Mozilla Firefox	=1.5-beta2
Mozilla Firefox	=1.5.0.1
Mozilla Firefox	=1.5.0.2
Mozilla Firefox	=1.5.0.3
Mozilla Firefox	=1.5.0.4
Mozilla Firefox	=1.5.0.5
Mozilla Firefox	=1.5.0.6
Mozilla Firefox	=1.5.0.7
Mozilla Firefox	=1.5.0.8
Mozilla Firefox	=1.5.0.9
Mozilla Firefox	=1.5.0.10
Mozilla Firefox	=1.5.0.11
Mozilla Firefox	=1.5.0.12
Mozilla Firefox	=1.5.1
Mozilla Firefox	=1.5.2
Mozilla Firefox	=1.5.3
Mozilla Firefox	=1.5.4
Mozilla Firefox	=1.5.5
Mozilla Firefox	=1.5.6
Mozilla Firefox	=1.5.7
Mozilla Firefox	=1.5.8
Mozilla Firefox	=1.8
Mozilla Firefox	=2.0
Mozilla Firefox	=2.0-beta_1
Mozilla Firefox	=2.0-beta1
Mozilla Firefox	=2.0-rc2
Mozilla Firefox	=2.0-rc3
Mozilla Firefox	=2.0.0.1
Mozilla Firefox	=2.0.0.2
Mozilla Firefox	=2.0.0.3
Mozilla Firefox	=2.0.0.4
Mozilla Firefox	=2.0.0.5
Mozilla Firefox	=2.0.0.6
Mozilla Firefox	=2.0.0.7
Mozilla Firefox	=2.0.0.8
Mozilla Firefox	=2.0.0.9
Mozilla Firefox	=2.0.0.10
Mozilla Firefox	=2.0.0.11
Mozilla Firefox	=2.0.0.12
Mozilla Firefox	=2.0.0.13
Mozilla Firefox	=2.0.0.14
Mozilla Firefox	=2.0.0.15
Mozilla Firefox	=2.0.0.16
Mozilla SeaMonkey	<=1.1.12
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=1.0
Mozilla SeaMonkey	=1.0-beta
Mozilla SeaMonkey	=1.0.1
Mozilla SeaMonkey	=1.0.2
Mozilla SeaMonkey	=1.0.3
Mozilla SeaMonkey	=1.0.4
Mozilla SeaMonkey	=1.0.5
Mozilla SeaMonkey	=1.0.6
Mozilla SeaMonkey	=1.0.7
Mozilla SeaMonkey	=1.0.8
Mozilla SeaMonkey	=1.0.9
Mozilla SeaMonkey	=1.0.99
Mozilla SeaMonkey	=1.1
Mozilla SeaMonkey	=1.1-beta
Mozilla SeaMonkey	=1.1.1
Mozilla SeaMonkey	=1.1.2
Mozilla SeaMonkey	=1.1.3
Mozilla SeaMonkey	=1.1.4
Mozilla SeaMonkey	=1.1.5
Mozilla SeaMonkey	=1.1.5-1.1.10
Mozilla SeaMonkey	=1.1.6
Mozilla SeaMonkey	=1.1.7
Mozilla SeaMonkey	=1.1.8
Mozilla SeaMonkey	=1.1.9
Mozilla SeaMonkey	=1.1.10
Mozilla SeaMonkey	=1.1.11
Mozilla Thunderbird	<=2.0.0.17
Mozilla Thunderbird	=0.1
Mozilla Thunderbird	=0.2
Mozilla Thunderbird	=0.3
Mozilla Thunderbird	=0.4
Mozilla Thunderbird	=0.5
Mozilla Thunderbird	=0.6
Mozilla Thunderbird	=0.7
Mozilla Thunderbird	=0.7.1
Mozilla Thunderbird	=0.7.2
Mozilla Thunderbird	=0.7.3
Mozilla Thunderbird	=0.8
Mozilla Thunderbird	=0.9
Mozilla Thunderbird	=1.0
Mozilla Thunderbird	=1.0.1
Mozilla Thunderbird	=1.0.2
Mozilla Thunderbird	=1.0.3
Mozilla Thunderbird	=1.0.4
Mozilla Thunderbird	=1.0.5
Mozilla Thunderbird	=1.0.5-beta
Mozilla Thunderbird	=1.0.6
Mozilla Thunderbird	=1.0.7
Mozilla Thunderbird	=1.0.8
Mozilla Thunderbird	=1.5
Mozilla Thunderbird	=1.5-beta2
Mozilla Thunderbird	=1.5.0.1
Mozilla Thunderbird	=1.5.0.2
Mozilla Thunderbird	=1.5.0.3
Mozilla Thunderbird	=1.5.0.4
Mozilla Thunderbird	=1.5.0.6
Mozilla Thunderbird	=1.5.0.7
Mozilla Thunderbird	=1.5.0.8
Mozilla Thunderbird	=1.5.0.9
Mozilla Thunderbird	=1.5.0.10
Mozilla Thunderbird	=1.5.0.11
Mozilla Thunderbird	=1.5.1
Mozilla Thunderbird	=1.5.2
Mozilla Thunderbird	=1.7.1
Mozilla Thunderbird	=1.7.3
Mozilla Thunderbird	=2.0.0.0
Mozilla Thunderbird	=2.0.0.1
Mozilla Thunderbird	=2.0.0.2
Mozilla Thunderbird	=2.0.0.3
Mozilla Thunderbird	=2.0.0.4
Mozilla Thunderbird	=2.0.0.11
Mozilla Thunderbird	=2.0.0.12
Mozilla Thunderbird	=2.0.0.13
Mozilla Thunderbird	=2.0.0.14
Mozilla Thunderbird	=2.0.0.15
Mozilla Thunderbird	=2.0.0.16

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-5012?
CVE-2008-5012 has a moderate severity level, allowing attackers to bypass the same origin policy.
How do I fix CVE-2008-5012?
To fix CVE-2008-5012, upgrade to a version of Firefox, Thunderbird, or SeaMonkey that is 2.0.0.18 or later, or apply patches provided by your vendor.
What types of applications are affected by CVE-2008-5012?
CVE-2008-5012 affects Mozilla Firefox 2.x, Thunderbird 2.x, and SeaMonkey 1.x prior to the specified fixed versions.
Can CVE-2008-5012 lead to data exposure?
Yes, CVE-2008-5012 can potentially lead to exposure of sensitive data by allowing unauthorized access to images from untrusted sources.
What can attackers gain from exploiting CVE-2008-5012?
Attackers exploiting CVE-2008-5012 can gain the ability to access and manipulate images that should be restricted by the same origin policy.

agent/author
agent/type
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-historical
collector/nvd-index
agent/severity
agent/references
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/first-publish-date
agent/source
vendor/mozilla
canonical/mozilla firefox
version/mozilla firefox/2.0.0.17
version/mozilla firefox/0.8
version/mozilla firefox/0.9
version/mozilla firefox/0.9-rc
version/mozilla firefox/0.9.1
version/mozilla firefox/0.9.2
version/mozilla firefox/0.9.3
version/mozilla firefox/0.9_rc
version/mozilla firefox/0.10
version/mozilla firefox/0.10.1
version/mozilla firefox/1.0
version/mozilla firefox/1.0.1
version/mozilla firefox/1.0.2
version/mozilla firefox/1.0.3
version/mozilla firefox/1.0.4
version/mozilla firefox/1.0.5
version/mozilla firefox/1.0.6
version/mozilla firefox/1.0.7
version/mozilla firefox/1.0.8
version/mozilla firefox/1.5
version/mozilla firefox/1.5-beta1
version/mozilla firefox/1.5-beta2
version/mozilla firefox/1.5.0.1
version/mozilla firefox/1.5.0.2
version/mozilla firefox/1.5.0.3
version/mozilla firefox/1.5.0.4
version/mozilla firefox/1.5.0.5
version/mozilla firefox/1.5.0.6
version/mozilla firefox/1.5.0.7
version/mozilla firefox/1.5.0.8
version/mozilla firefox/1.5.0.9
version/mozilla firefox/1.5.0.10
version/mozilla firefox/1.5.0.11
version/mozilla firefox/1.5.0.12
version/mozilla firefox/1.5.1
version/mozilla firefox/1.5.2
version/mozilla firefox/1.5.3
version/mozilla firefox/1.5.4
version/mozilla firefox/1.5.5
version/mozilla firefox/1.5.6
version/mozilla firefox/1.5.7
version/mozilla firefox/1.5.8
version/mozilla firefox/1.8
version/mozilla firefox/2.0
version/mozilla firefox/2.0-beta_1
version/mozilla firefox/2.0-beta1
version/mozilla firefox/2.0-rc2
version/mozilla firefox/2.0-rc3
version/mozilla firefox/2.0.0.1
version/mozilla firefox/2.0.0.2
version/mozilla firefox/2.0.0.3
version/mozilla firefox/2.0.0.4
version/mozilla firefox/2.0.0.5
version/mozilla firefox/2.0.0.6
version/mozilla firefox/2.0.0.7
version/mozilla firefox/2.0.0.8
version/mozilla firefox/2.0.0.9
version/mozilla firefox/2.0.0.10
version/mozilla firefox/2.0.0.11
version/mozilla firefox/2.0.0.12
version/mozilla firefox/2.0.0.13
version/mozilla firefox/2.0.0.14
version/mozilla firefox/2.0.0.15
version/mozilla firefox/2.0.0.16
canonical/mozilla seamonkey
version/mozilla seamonkey/1.1.12
version/mozilla seamonkey/1.0
version/mozilla seamonkey/1.0-beta
version/mozilla seamonkey/1.0.1
version/mozilla seamonkey/1.0.2
version/mozilla seamonkey/1.0.3
version/mozilla seamonkey/1.0.4
version/mozilla seamonkey/1.0.5
version/mozilla seamonkey/1.0.6
version/mozilla seamonkey/1.0.7
version/mozilla seamonkey/1.0.8
version/mozilla seamonkey/1.0.9
version/mozilla seamonkey/1.0.99
version/mozilla seamonkey/1.1
version/mozilla seamonkey/1.1-beta
version/mozilla seamonkey/1.1.1
version/mozilla seamonkey/1.1.2
version/mozilla seamonkey/1.1.3
version/mozilla seamonkey/1.1.4
version/mozilla seamonkey/1.1.5
version/mozilla seamonkey/1.1.5-1.1.10
version/mozilla seamonkey/1.1.6
version/mozilla seamonkey/1.1.7
version/mozilla seamonkey/1.1.8
version/mozilla seamonkey/1.1.9
version/mozilla seamonkey/1.1.10
version/mozilla seamonkey/1.1.11
canonical/mozilla thunderbird
version/mozilla thunderbird/2.0.0.17
version/mozilla thunderbird/0.1
version/mozilla thunderbird/0.2
version/mozilla thunderbird/0.3
version/mozilla thunderbird/0.4
version/mozilla thunderbird/0.5
version/mozilla thunderbird/0.6
version/mozilla thunderbird/0.7
version/mozilla thunderbird/0.7.1
version/mozilla thunderbird/0.7.2
version/mozilla thunderbird/0.7.3
version/mozilla thunderbird/0.8
version/mozilla thunderbird/0.9
version/mozilla thunderbird/1.0
version/mozilla thunderbird/1.0.1
version/mozilla thunderbird/1.0.2
version/mozilla thunderbird/1.0.3
version/mozilla thunderbird/1.0.4
version/mozilla thunderbird/1.0.5
version/mozilla thunderbird/1.0.5-beta
version/mozilla thunderbird/1.0.6
version/mozilla thunderbird/1.0.7
version/mozilla thunderbird/1.0.8
version/mozilla thunderbird/1.5
version/mozilla thunderbird/1.5-beta2
version/mozilla thunderbird/1.5.0.1
version/mozilla thunderbird/1.5.0.2
version/mozilla thunderbird/1.5.0.3
version/mozilla thunderbird/1.5.0.4
version/mozilla thunderbird/1.5.0.6
version/mozilla thunderbird/1.5.0.7
version/mozilla thunderbird/1.5.0.8
version/mozilla thunderbird/1.5.0.9
version/mozilla thunderbird/1.5.0.10
version/mozilla thunderbird/1.5.0.11
version/mozilla thunderbird/1.5.1
version/mozilla thunderbird/1.5.2
version/mozilla thunderbird/1.7.1
version/mozilla thunderbird/1.7.3
version/mozilla thunderbird/2.0.0.0
version/mozilla thunderbird/2.0.0.1
version/mozilla thunderbird/2.0.0.2
version/mozilla thunderbird/2.0.0.3
version/mozilla thunderbird/2.0.0.4
version/mozilla thunderbird/2.0.0.11
version/mozilla thunderbird/2.0.0.12
version/mozilla thunderbird/2.0.0.13
version/mozilla thunderbird/2.0.0.14
version/mozilla thunderbird/2.0.0.15
version/mozilla thunderbird/2.0.0.16