CVE-2008-1238 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-1238
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-1238

Description: Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/41449 UBUNTU http://www.ubuntu.com/usn/usn-592-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 ST 1019703 SAID Secunia Advisory: SA29547 Secunia Advisory: SA29541 Secunia Advisory: SA29526 Secunia Advisory: SA29616 Secunia Advisory: SA29558 Secunia Advisory: SA29539 Secunia Advisory: SA29391 Secunia Advisory: SA29560 Secunia Advisory: SA29550 Secunia Advisory: SA29645 Secunia Advisory: SA29607 Secunia Advisory: SA30327 Secunia Advisory: SA30620 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0207.html http://www.redhat.com/support/errata/RHSA-2008-0209.html http://rhn.redhat.com/errata/RHSA-2008-0208.html MISC http://sla.ckers.org/forum/read.php?10,20033 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:080 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml DEBIAN http://www.debian.org/security/2008/dsa-1535 http://www.debian.org/security/2008/dsa-1534 http://www.debian.org/security/2008/dsa-1532 CONFIRM http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128 http://www.mozilla.org/security/announce/2008/mfsa2008-16.html CERT http://www.us-cert.gov/cas/techalerts/TA08-087A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/490196/100/0/threaded BID 28448

Return to the previous page.