CVE-2008-5507 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure10 documents6 sources

Severity

6.0MEDIUMNVD

EPSS

0.2%

top 55.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +2 more

Timeline

PublishedDec 17

Latest updateMay 14

Description

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages3 packages

▶NVDmozilla/firefox2.0 — 2.0.0.19+1

▶NVDmozilla/seamonkey1.0 — 1.1.14

▶NVDmozilla/thunderbird2.0 — 2.0.0.19

Also affects: Debian Linux 4.0, 5.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

GHSA

GHSA-q2h5-97m4-jvvg: Mozilla Firefox 3↗2022-05-14

▶

CVEList

CVE-2008-5507: Mozilla Firefox 3↗2008-12-17

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2009-01-06

▶

Ubuntu

Thunderbird vulnerabilities↗2009-01-06

▶

Ubuntu

Firefox vulnerabilities↗2008-12-18

▶

Ubuntu

Firefox vulnerabilities↗2008-12-18

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-12-17

▶

💬Community

Bugzilla

CVE-2008-5507 Firefox Cross-domain data theft via script redirect error message↗2008-12-12

▶