CVE-2008-5507 Information

Description

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

Reference

http://scary.beasts.org/security/CESA-2008-011.html
http://secunia.com/advisories/33184
http://secunia.com/advisories/33188
http://secunia.com/advisories/33189
http://secunia.com/advisories/33203
http://secunia.com/advisories/33204
http://secunia.com/advisories/33205
http://secunia.com/advisories/33216
http://secunia.com/advisories/33231
http://secunia.com/advisories/33232
http://secunia.com/advisories/33408
http://secunia.com/advisories/33415
http://secunia.com/advisories/33421
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/33523
http://secunia.com/advisories/33547
http://secunia.com/advisories/34501
http://secunia.com/advisories/35080
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
http://www.debian.org/security/2009/dsa-1696
http://www.debian.org/security/2009/dsa-1697
http://www.debian.org/security/2009/dsa-1704
http://www.debian.org/security/2009/dsa-1707
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.redhat.com/support/errata/RHSA-2009-0002.html
http://www.securityfocus.com/archive/1/499353/100/0/threaded
http://www.securityfocus.com/bid/32882
http://www.securitytracker.com/id?1021423
http://www.ubuntu.com/usn/usn-690-2
http://www.ubuntu.com/usn/usn-701-1
http://www.ubuntu.com/usn/usn-701-2
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=461735
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413 mozilla-javascripturl-infor-disclosure(47413)
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9376
https://usn.ubuntu.com/690-1/
https://usn.ubuntu.com/690-3/
