CVE-2008-5012

MEDIUM

Description

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

ID	Name	Product	Family	Severity
67765	Oracle Linux 3 / 4 : seamonkey (ELSA-2008-0977)	Nessus	Oracle Linux Local Security Checks	critical
67764	Oracle Linux 4 : thunderbird (ELSA-2008-0976)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
60498	Scientific Linux Security Update : thunderbird on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
60495	Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	critical
43714	CentOS 4 / 5 : thunderbird (CESA-2008:0976)	Nessus	CentOS Local Security Checks	critical
41511	SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5813)	Nessus	SuSE Local Security Checks	critical
41465	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5826)	Nessus	SuSE Local Security Checks	critical
40131	openSUSE Security Update : seamonkey (seamonkey-326)	Nessus	SuSE Local Security Checks	critical
40072	openSUSE Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-329)	Nessus	SuSE Local Security Checks	critical
39894	openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-333)	Nessus	SuSE Local Security Checks	critical
39884	openSUSE Security Update : MozillaFirefox (MozillaFirefox-334)	Nessus	SuSE Local Security Checks	critical
37735	Fedora 10 : thunderbird-2.0.0.18-1.fc10 (2008-9901)	Nessus	Fedora Local Security Checks	critical
37649	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : mozilla-thunderbird, thunderbird vulnerabilities (USN-668-1)	Nessus	Ubuntu Local Security Checks	critical
37285	Mandriva Linux Security Advisory : mozilla-firefox (MDVSA-2008:228)	Nessus	Mandriva Local Security Checks	critical
37099	Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2008:235)	Nessus	Mandriva Local Security Checks	critical
36711	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : firefox, firefox-3.0, xulrunner-1.9 vulnerabilities (USN-667-1)	Nessus	Ubuntu Local Security Checks	critical
36485	CentOS 3 / 4 : seamonkey (CESA-2008:0977)	Nessus	CentOS Local Security Checks	critical
35314	Debian DSA-1697-1 : iceape - several vulnerabilities	Nessus	Debian Local Security Checks	critical
35313	Debian DSA-1696-1 : icedove - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34967	SuSE 10 Security Update : gecko-sdk and mozilla-xulrunner (ZYPP Patch Number 5811)	Nessus	SuSE Local Security Checks	critical
34961	openSUSE 10 Security Update : seamonkey (seamonkey-5815)	Nessus	SuSE Local Security Checks	critical
34960	openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5820)	Nessus	SuSE Local Security Checks	critical
34958	openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-5825)	Nessus	SuSE Local Security Checks	critical
34957	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5812)	Nessus	SuSE Local Security Checks	critical
34950	Debian DSA-1671-1 : iceweasel - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34941	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 5786)	Nessus	SuSE Local Security Checks	critical
34938	Debian DSA-1669-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	critical
34842	RHEL 4 / 5 : thunderbird (RHSA-2008:0976)	Nessus	Red Hat Local Security Checks	critical
34837	Fedora 9 : thunderbird-2.0.0.18-1.fc9 (2008-9859)	Nessus	Fedora Local Security Checks	critical
34836	Fedora 8 : thunderbird-2.0.0.18-1.fc8 (2008-9807)	Nessus	Fedora Local Security Checks	critical
34819	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Nessus	Windows	high
4762	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Nessus Network Monitor	SMTP Clients	medium
34777	Fedora 8 : Miro-1.2.7-2.fc8 / blam-1.8.3-19.fc8 / cairo-dock-1.6.3.1-1.fc8.1 / chmsee-1.0.0-5.31.fc8 / etc (2008-9667)	Nessus	Fedora Local Security Checks	critical
34771	FreeBSD : mozilla -- multiple vulnerabilities (f29fea8f-b19f-11dd-a55e-00163e000016)	Nessus	FreeBSD Local Security Checks	critical
34768	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Nessus	Windows	high
34766	Firefox < 2.0.0.18 Multiple Vulnerabilities	Nessus	Windows	high
34763	RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2008:0977)	Nessus	Red Hat Local Security Checks	critical
4753	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
4752	Mozilla Firefox 3.x < 3.0.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
4751	Mozilla Firefox < 2.0.0.18 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
801316	Mozilla Thunderbird < 2.0.0.18 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients	high
800876	SeaMonkey < 1.1.13 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800751	Firefox 3.x < 3.0.4 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
800741	Firefox < 2.0.0.18 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high

CVE-2008-5012

Description

References

Details

Risk Information

CVSS v2.0