CVE-2008-1238
CVSS v2.0
5 (Medium)
EPSS
0.89 % (83th)
Affected Products
2
Advisories
6
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
Weaknesses
- CWE-287
- Improper Authentication
- CVE Status
- PUBLISHED
- CNA
- Red Hat, Inc.
- Published Date
-
2008-03-27 10:44:00
(16 years ago) - Updated Date
-
2023-02-13 02:18:51
(19 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...