| Vulnerability Name: | CVE-2008-5507 (CCN-47413) |
| Assigned: | 2008-12-16 |
| Published: | 2008-12-16 |
| Updated: | 2018-11-08 |
| Summary: | Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) |
| CVSS v2 Severity: | 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P); 4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C); 3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) |
| Vulnerability Type: | CWE-200 |
| Vulnerability Consequences: | Obtain Information |
References:

- Source: MITRE Type: CNA CVE-2008-5507
- Source: CCN Type: RHSA-2008-1036 Critical: firefox security update
- Source: CCN Type: RHSA-2008-1037 Critical: seamonkey security update
- Source: CCN Type: RHSA-2009-0002 Moderate: thunderbird security update
- Source: CCN Type: CESA-2008-011 - rev 1 Firefox cross-domain information theft (simple text strings, some CSV)
- Source: MISC Type: Third Party Advisory http://scary.beasts.org/security/CESA-2008-011.html
- Source: CCN Type: SA33184 Mozilla Firefox 2 Multiple Vulnerabilities
- Source: SECUNIA Type: Third Party Advisory 33184
- Source: SECUNIA Type: Third Party Advisory 33188
- Source: SECUNIA Type: Third Party Advisory 33189
- Source: CCN Type: SA33203 Mozilla Firefox 3 Multiple Vulnerabilities
- Source: SECUNIA Type: Third Party Advisory 33203
- Source: CCN Type: SA33204 Mozilla SeaMonkey Multiple Vulnerabilities
- Source: SECUNIA Type: Third Party Advisory 33204
- Source: CCN Type: SA33205 Mozilla Thunderbird Multiple Vulnerabilities
- Source: SECUNIA Type: Third Party Advisory 33205
- Source: SECUNIA Type: Third Party Advisory 33216
- Source: SECUNIA Type: Third Party Advisory 33231
- Source: SECUNIA Type: Third Party Advisory 33232
- Source: SECUNIA Type: Third Party Advisory 33408
- Source: SECUNIA Type: Third Party Advisory 33415
- Source: SECUNIA Type: Third Party Advisory 33421
- Source: SECUNIA Type: Third Party Advisory 33433
- Source: SECUNIA Type: Third Party Advisory 33434
- Source: SECUNIA Type: Third Party Advisory 33523
- Source: SECUNIA Type: Third Party Advisory 33547
- Source: CCN Type: SA34501 Sun Solaris Firefox Multiple Vulnerabilities
- Source: SECUNIA Type: Third Party Advisory 34501
- Source: CCN Type: SA35080 Sun Solaris Thunderbird Multiple Vulnerabilities
- Source: SECUNIA Type: Third Party Advisory 35080
- Source: CCN Type: SECTRACK ID: 1021423 Mozilla Firefox window.onerror DOM API Lets Remote Users Obtain Potentially Sensitive Information
- Source: SUNALERT Type: Broken Link 256408
- Source: SUNALERT Type: Broken Link 258748
- Source: CCN Type: Sun Alert ID: 256408 Multiple Security Vulnerabilities in Firefox Versions Before 2.0.0.19 May Allow Execution of Arbitrary Code or Access to Unauthorized Data
- Source: CCN Type: Sun Alert ID: 258748 Multiple Security Vulnerabilities in Mozilla Thunderbird Versions Prior to 2.0.0.19 May Allow Execution of Arbitrary Code or Unauthorized Access to Data
- Source: CCN Type: ASA-2008-506 firefox security update (RHSA-2008-1036)
- Source: CCN Type: ASA-2009-004 thunderbird security update (RHSA-2009-0002)
- Source: CCN Type: ASA-2009-007 seamonkey security update (RHSA-2008-1037)
- Source: CCN Type: ASA-2009-158 Multiple Security Vulnerabilities in Firefox Versions Before 2.0.0.19 May Allow Execution of Arbitrary Code or Access to unauthorized Data (Sun 256408)
- Source: CCN Type: ASA-2009-190 Multiple Security Vulnerabilities in Mozilla Thunderbird Versions Prior to 2.0.0.19 May Allow Execution of Arbitrary Code or Unauthorized Access to Data (Sun 258748)
- Source: CCN Type: NORTEL BULLETIN ID: 2009009505, Rev 1 Nortel Response to Sun Alert 256408 - Solaris 10 - Vulnerabilities in Firefox May Allow Execution of Arbitrary Code
- Source: DEBIAN Type: Third Party Advisory DSA-1696
- Source: DEBIAN Type: Third Party Advisory DSA-1697
- Source: DEBIAN Type: Third Party Advisory DSA-1704
- Source: DEBIAN Type: Third Party Advisory DSA-1707
- Source: DEBIAN Type: DSA-1696 icedove -- several vulnerabilities
- Source: DEBIAN Type: DSA-1697 iceape -- several vulnerabilities
- Source: DEBIAN Type: DSA-1704 xulrunner -- several vulnerabilities
- Source: DEBIAN Type: DSA-1707 iceweasel -- several vulnerabilities
- Source: MANDRIVA Type: Third Party Advisory MDVSA-2008:244
- Source: MANDRIVA Type: Third Party Advisory MDVSA-2008:245
- Source: MANDRIVA Type: Third Party Advisory MDVSA-2009:012
- Source: CCN Type: MFSA 2008-65 Cross-domain data theft via script redirect error message
- Source: CONFIRM Type: Vendor Advisory http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
- Source: REDHAT Type: Third Party Advisory RHSA-2008:1036
- Source: REDHAT Type: Third Party Advisory RHSA-2008:1037
- Source: REDHAT Type: Third Party Advisory RHSA-2009:0002
- Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20081218 Firefox cross-domain text theft (CESA-2008-011)
- Source: BID Type: Third Party Advisory, VDB Entry 32882
- Source: CCN Type: BID-32882 Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities
- Source: SECTRACK Type: Third Party Advisory, VDB Entry 1021423
- Source: CCN Type: USN-690-1 Firefox and xulrunner vulnerabilities
- Source: CCN Type: USN-690-2 Firefox vulnerabilities
- Source: UBUNTU Type: Third Party Advisory USN-690-2
- Source: CCN Type: USN-690-3 Firefox vulnerabilities
- Source: CCN Type: USN-701-1 Thunderbird vulnerabilities
- Source: UBUNTU Type: Third Party Advisory USN-701-1
- Source: CCN Type: USN-701-2 Thunderbird vulnerabilities
- Source: UBUNTU Type: Third Party Advisory USN-701-2
- Source: VUPEN Type: Third Party Advisory ADV-2009-0977
- Source: CCN Type: Bugzilla@Mozilla - Bug 461735 Security: theft of strings cross-domain with redirect,