CVE-2008-0593 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-0593
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0593

Description: Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-576-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 ST 1019341 SAID Secunia Advisory: SA28865 Secunia Advisory: SA28877 Secunia Advisory: SA28879 Secunia Advisory: SA28864 Secunia Advisory: SA28839 Secunia Advisory: SA28815 Secunia Advisory: SA28766 Secunia Advisory: SA28758 Secunia Advisory: SA28754 Secunia Advisory: SA28818 Secunia Advisory: SA28924 Secunia Advisory: SA28939 Secunia Advisory: SA28958 Secunia Advisory: SA29049 Secunia Advisory: SA29086 Secunia Advisory: SA29167 Secunia Advisory: SA29567 Secunia Advisory: SA30327 Secunia Advisory: SA30620 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0105.html http://www.redhat.com/support/errata/RHSA-2008-0104.html http://www.redhat.com/support/errata/RHSA-2008-0103.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:048 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1489 http://www.debian.org/security/2008/dsa-1485 http://www.debian.org/security/2008/dsa-1506 http://www.debian.org/security/2008/dsa-1484 CONFIRM http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html http://browser.netscape.com/releasenotes/ http://www.mozilla.org/security/announce/2008/mfsa2008-10.html http://wiki.rpath.com/Advisories:rPSA-2008-0051 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/487826/100/0/threaded BID 27683

Return to the previous page.