CVE-2008-5507

Published: Dec 17, 2008Modified: Apr 23, 2026

6.0

Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability: 6.8 / Impact: 6.4

Source: NVD

Description

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

Affected (10)

Products: Mozilla: Firefox, Seamonkey, Thunderbird · Canonical: Ubuntu Linux · Debian: Debian Linux

3 products

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	From 2.0 to 2.0.0.19
Mozilla Firefox	From 3.0 to 3.0.5
Mozilla Seamonkey	From 1.0 to 1.1.14
Mozilla Thunderbird	From 2.0 to 2.0.0.19

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 7.10
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0
Debian Debian Linux	Version 5.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (88)

http://scary.beasts.org/security/CESA-2008-011.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33184

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33188

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33189

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33203

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33204

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33205

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33216

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33231

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33232

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33408

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33415

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33421

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33433

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33434

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33523

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/33547

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/34501

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/35080

Source: secalert@redhat.com

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: secalert@redhat.com

Broken Link

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

Source: secalert@redhat.com

Broken Link

http://www.debian.org/security/2009/dsa-1696

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2009/dsa-1697

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2009/dsa-1704

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2009/dsa-1707

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

Source: secalert@redhat.com

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-65.html

Source: secalert@redhat.com

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-1036.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-1037.html

Source: secalert@redhat.com

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2009-0002.html

Source: secalert@redhat.com

Third Party Advisory

http://www.securityfocus.com/archive/1/499353/100/0/threaded

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/32882

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021423

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-690-2

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/usn-701-1

Source: secalert@redhat.com

Third Party Advisory

http://www.ubuntu.com/usn/usn-701-2

Source: secalert@redhat.com

Third Party Advisory

http://www.vupen.com/english/advisories/2009/0977

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=461735

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/47413

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/690-1/

Source: secalert@redhat.com

Third Party Advisory

https://usn.ubuntu.com/690-3/

Source: secalert@redhat.com

Third Party Advisory

http://scary.beasts.org/security/CESA-2008-011.html