CVE-2008-0593: Sensitive Information Exposure in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.1% (top 22.02%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 9; Latest update May 1

Description

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: mozilla/firefox 2.0.0.11 +9
NVD: mozilla/seamonkey 1.1.17 +21

🔴 Vulnerability Details (1)

GHSA: GHSA-x927-rph6-c38j: Gecko-based browsers, including Mozilla Firefox before 2 (2022-05-01)

📋 Vendor Advisories (2)

Ubuntu: Firefox vulnerabilities (2008-02-08)
Red Hat: Mozilla URL token stealing flaw (2008-02-07)

💬 Community (2)

Bugzilla: CVE-2010-0648 webkit: stylesheet URL property leaks redirection target (2010-02-24)
Bugzilla: CVE-2008-0593 Mozilla URL token stealing flaw (2008-02-06)