CVE-2008-5507: Infoleak
First published: Wed Dec 17 2008(Updated: )
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | >=2.0<2.0.0.19 | |
| Firefox | >=3.0<3.0.5 | |
| Mozilla SeaMonkey | >=1.0<1.1.14 | |
| Thunderbird | >=2.0<2.0.0.19 | |
| Ubuntu | =6.06 | |
| Ubuntu | =7.10 | |
| Ubuntu | =8.04 | |
| Ubuntu | =8.10 | |
| Debian Linux | =5.0 | |
| Debian Linux | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://scary.beasts.org/security/CESA-2008-011.html
- http://secunia.com/advisories/33184
- http://secunia.com/advisories/33188
- http://secunia.com/advisories/33189
- http://secunia.com/advisories/33203
- http://secunia.com/advisories/33204
- http://secunia.com/advisories/33205
- http://secunia.com/advisories/33216
- http://secunia.com/advisories/33231
- http://secunia.com/advisories/33232
- http://secunia.com/advisories/33408
- http://secunia.com/advisories/33415
- http://secunia.com/advisories/33421
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/33434
- http://secunia.com/advisories/33523
- http://secunia.com/advisories/33547
- http://secunia.com/advisories/34501
- http://secunia.com/advisories/35080
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
- http://www.debian.org/security/2009/dsa-1696
- http://www.debian.org/security/2009/dsa-1697
- http://www.debian.org/security/2009/dsa-1704
- http://www.debian.org/security/2009/dsa-1707
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
- http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
- http://www.redhat.com/support/errata/RHSA-2008-1036.html
- http://www.redhat.com/support/errata/RHSA-2008-1037.html
- http://www.redhat.com/support/errata/RHSA-2009-0002.html
- http://www.securityfocus.com/archive/1/499353/100/0/threaded
- http://www.securityfocus.com/bid/32882
- http://www.securitytracker.com/id?1021423
- http://www.ubuntu.com/usn/usn-690-2
- http://www.ubuntu.com/usn/usn-701-1
- http://www.ubuntu.com/usn/usn-701-2
- http://www.vupen.com/english/advisories/2009/0977
- https://bugzilla.mozilla.org/show_bug.cgi?id=461735
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47413
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376
- https://usn.ubuntu.com/690-1/
- https://usn.ubuntu.com/690-3/
Frequently Asked Questions
What is the severity of CVE-2008-5507?
CVE-2008-5507 has a severity rating that allows remote attackers to bypass the same-origin policy.
How do I fix CVE-2008-5507?
To fix CVE-2008-5507, update Mozilla Firefox, Thunderbird, or SeaMonkey to versions above the vulnerable ones specified in the advisory.
Which versions are affected by CVE-2008-5507?
CVE-2008-5507 affects Mozilla Firefox versions 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird before 2.0.0.19, and SeaMonkey before 1.1.14.
What kind of attack is CVE-2008-5507 associated with?
CVE-2008-5507 is associated with JavaScript URL redirection that allows for unauthorized data access from another domain.
Is CVE-2008-5507 a local or remote vulnerability?
CVE-2008-5507 is a remote vulnerability that can be exploited by attackers over the internet.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/2.0
- version/firefox/3.0
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0
- canonical/thunderbird
- version/thunderbird/2.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/6.06
- version/ubuntu/7.10
- version/ubuntu/8.04
- version/ubuntu/8.10
- vendor/debian
- canonical/debian linux
- version/debian linux/5.0
- version/debian linux/4.0