6.8

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version >= 2.0 < 2.0.0.19
MozillaFirefox Version >= 3.0 < 3.0.5
MozillaSeamonkey Version >= 1.0 < 1.1.14
MozillaThunderbird Version >= 2.0 < 2.0.0.19
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.24% 0.773
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
http://www.securityfocus.com/bid/32882
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/690-1/
Third Party Advisory
https://usn.ubuntu.com/690-3/
Third Party Advisory
http://www.securitytracker.com/id?1021427
Third Party Advisory
VDB Entry