5

CVE-2008-5012

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker.  NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.17
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.9_rc
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.6 Editionlinux
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version1.5.0.8
MozillaFirefox Version1.5.0.9
MozillaFirefox Version1.5.0.10
MozillaFirefox Version1.5.0.11
MozillaFirefox Version1.5.0.12
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Version1.5.4
MozillaFirefox Version1.5.5
MozillaFirefox Version1.5.6
MozillaFirefox Version1.5.7
MozillaFirefox Version1.5.8
MozillaFirefox Version1.8
MozillaFirefox Version2.0
MozillaFirefox Version2.0 Updatebeta_1
MozillaFirefox Version2.0 Updatebeta1
MozillaFirefox Version2.0 Updaterc2
MozillaFirefox Version2.0 Updaterc3
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaFirefox Version2.0.0.14
MozillaFirefox Version2.0.0.15
MozillaFirefox Version2.0.0.16
MozillaSeamonkey Version <= 1.1.12
MozillaSeamonkey Version1.0
MozillaSeamonkey Version1.0 Editionalpha
MozillaSeamonkey Version1.0 Editiondev
MozillaSeamonkey Version1.0 Updatebeta
MozillaSeamonkey Version1.0.1
MozillaSeamonkey Version1.0.2
MozillaSeamonkey Version1.0.3
MozillaSeamonkey Version1.0.4
MozillaSeamonkey Version1.0.5
MozillaSeamonkey Version1.0.6
MozillaSeamonkey Version1.0.7
MozillaSeamonkey Version1.0.8
MozillaSeamonkey Version1.0.9
MozillaSeamonkey Version1.0.99
MozillaSeamonkey Version1.1
MozillaSeamonkey Version1.1 Updatebeta
MozillaSeamonkey Version1.1.1
MozillaSeamonkey Version1.1.2
MozillaSeamonkey Version1.1.3
MozillaSeamonkey Version1.1.4
MozillaSeamonkey Version1.1.5
MozillaSeamonkey Version1.1.5 Update1.1.10
MozillaSeamonkey Version1.1.6
MozillaSeamonkey Version1.1.7
MozillaSeamonkey Version1.1.8
MozillaSeamonkey Version1.1.9
MozillaSeamonkey Version1.1.10
MozillaSeamonkey Version1.1.11
MozillaThunderbird Version <= 2.0.0.17
MozillaThunderbird Version0.1
MozillaThunderbird Version0.2
MozillaThunderbird Version0.3
MozillaThunderbird Version0.4
MozillaThunderbird Version0.5
MozillaThunderbird Version0.6
MozillaThunderbird Version0.7
MozillaThunderbird Version0.7.1
MozillaThunderbird Version0.7.2
MozillaThunderbird Version0.7.3
MozillaThunderbird Version0.8
MozillaThunderbird Version0.9
MozillaThunderbird Version1.0
MozillaThunderbird Version1.0.1
MozillaThunderbird Version1.0.2
MozillaThunderbird Version1.0.3
MozillaThunderbird Version1.0.4
MozillaThunderbird Version1.0.5
MozillaThunderbird Version1.0.5 Updatebeta
MozillaThunderbird Version1.0.6
MozillaThunderbird Version1.0.7
MozillaThunderbird Version1.0.8
MozillaThunderbird Version1.5
MozillaThunderbird Version1.5 Updatebeta2
MozillaThunderbird Version1.5.0.1
MozillaThunderbird Version1.5.0.2
MozillaThunderbird Version1.5.0.3
MozillaThunderbird Version1.5.0.4
MozillaThunderbird Version1.5.0.6
MozillaThunderbird Version1.5.0.7
MozillaThunderbird Version1.5.0.8
MozillaThunderbird Version1.5.0.9
MozillaThunderbird Version1.5.0.10
MozillaThunderbird Version1.5.0.11
MozillaThunderbird Version1.5.1
MozillaThunderbird Version1.5.2
MozillaThunderbird Version1.7.1
MozillaThunderbird Version1.7.3
MozillaThunderbird Version2.0.0.0
MozillaThunderbird Version2.0.0.1
MozillaThunderbird Version2.0.0.2
MozillaThunderbird Version2.0.0.3
MozillaThunderbird Version2.0.0.4
MozillaThunderbird Version2.0.0.11
MozillaThunderbird Version2.0.0.12
MozillaThunderbird Version2.0.0.13
MozillaThunderbird Version2.0.0.14
MozillaThunderbird Version2.0.0.15
MozillaThunderbird Version2.0.0.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.04% 0.787
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33434
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/32845
http://www.debian.org/security/2008/dsa-1669
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32714
http://secunia.com/advisories/32778
http://secunia.com/advisories/32853
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1671
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
US Government Resource
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://secunia.com/advisories/32694
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.securityfocus.com/bid/32281
http://www.vupen.com/english/advisories/2008/3146
http://scary.beasts.org/security/CESA-2008-009.html
http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
http://secunia.com/advisories/32715
http://secunia.com/advisories/32798
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235
http://www.mozilla.org/security/announce/2008/mfsa2008-48.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0976.html
http://www.securityfocus.com/archive/1/498468
http://www.securityfocus.com/bid/32351
http://www.securitytracker.com/id?1021187
https://bugzilla.mozilla.org/show_bug.cgi?id=355126
https://bugzilla.mozilla.org/show_bug.cgi?id=451619
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10750