CVE-2008-5507

MEDIUM

Description

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same-origin policy and access portions of data from another domain. The attack uses a JavaScript URL that redirects to the target resource. If the target data does not have JavaScript syntax, an error is generated, and that error can be accessed using the window.onerror DOM API.

References

http://scary.beasts.org/security/CESA-2008-011.html

http://secunia.com/advisories/33184

http://secunia.com/advisories/33188

http://secunia.com/advisories/33189

http://secunia.com/advisories/33203

http://secunia.com/advisories/33204

http://secunia.com/advisories/33205

http://secunia.com/advisories/33216

http://secunia.com/advisories/33231

http://secunia.com/advisories/33232

http://secunia.com/advisories/33408

http://secunia.com/advisories/33415

http://secunia.com/advisories/33421

http://secunia.com/advisories/33433

http://secunia.com/advisories/33434

http://secunia.com/advisories/33523

http://secunia.com/advisories/33547

http://secunia.com/advisories/34501

http://secunia.com/advisories/35080

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

http://www.debian.org/security/2009/dsa-1696

http://www.debian.org/security/2009/dsa-1697

http://www.debian.org/security/2009/dsa-1704

http://www.debian.org/security/2009/dsa-1707

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

http://www.mozilla.org/security/announce/2008/mfsa2008-65.html

http://www.redhat.com/support/errata/RHSA-2008-1036.html

http://www.redhat.com/support/errata/RHSA-2008-1037.html

http://www.redhat.com/support/errata/RHSA-2009-0002.html

http://www.securityfocus.com/archive/1/499353/100/0/threaded

http://www.securityfocus.com/bid/32882

http://www.securitytracker.com/id?1021423

http://www.ubuntu.com/usn/usn-690-2

http://www.ubuntu.com/usn/usn-701-1

http://www.ubuntu.com/usn/usn-701-2

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=461735

https://exchange.xforce.ibmcloud.com/vulnerabilities/47413

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376

https://usn.ubuntu.com/690-1/

https://usn.ubuntu.com/690-3/

Details

Source: MITRE

Published: 2008-12-17

Updated: 2018-11-08

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 6

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 6.8

Severity: MEDIUM