CVE-2008-1238

CVSS v2.0 5 (Medium)
EPSS 0.89% (83rd)
Affected Products 2
Advisories 6

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Weaknesses
CWE-287
Improper Authentication
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-03-27 10:44:00
(16 years ago)
Updated Date
2023-02-13 02:18:51
(19 months ago)

Affected Products


Configuration #1

  Product                                        CPE23                        From  Up To
  Mozilla Firefox 2.0.0.12 and prior versions    cpe:2.3:a:mozilla:firefox    -     <= 2.0.0.12
  Mozilla Seamonkey 1.1.8 and prior versions     cpe:2.3:a:mozilla:seamonkey  -     <= 1.1.8