CVE-2008-5507

CVSS v2.0 6 (Medium)

EPSS 0.34 % (72^th)

Affected Products 5

Advisories 14

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-12-17 23:30:00
(15 years ago)
Updated Date: 2018-11-08 20:12:11
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:firefox	>= 2.0	< 2.0.0.19
Mozilla Firefox from 3.0 version and prior 3.0.5 version	cpe:2.3:a:mozilla:firefox	>= 3.0	< 3.0.5
Mozilla Seamonkey from 1.0 version and prior 1.1.14 version	cpe:2.3:a:mozilla:seamonkey	>= 1.0	< 1.1.14
Mozilla Thunderbird from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:thunderbird	>= 2.0	< 2.0.0.19

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::*:lts
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts
	Canonical Ubuntu Linux 8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0