CVE-2008-5506Mozilla Firefox vulnerability

CWE-26410 documents6 sources
Severity
6.8MEDIUMNVD
EPSS
0.5%
top 33.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Mozilla FirefoxMozilla SeamonkeyMozilla Thunderbird+2 more
Timeline
PublishedDec 17
Latest updateMay 14

Description

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDmozilla/firefox2.02.0.0.19+1
NVDmozilla/seamonkey1.01.1.14
NVDmozilla/thunderbird2.02.0.0.19

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

2
GHSA
GHSA-rcg4-3qvg-p2xp: Mozilla Firefox 32022-05-14
CVEList
CVE-2008-5506: Mozilla Firefox 32008-12-17

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2009-01-06
Ubuntu
Thunderbird vulnerabilities2009-01-06
Ubuntu
Firefox vulnerabilities2008-12-18
Ubuntu
Firefox vulnerabilities2008-12-18
Ubuntu
Firefox and xulrunner vulnerabilities2008-12-17

💬Community

1
Bugzilla
CVE-2008-5506 Firefox XMLHttpRequest 302 response disclosure2008-12-12
CVE-2008-5506 — Mozilla Firefox vulnerability | cvebase