cvelistv5 - cve-2008-5506

CVE-2008-5506 (GCVE-0-2008-5506)

Vulnerability from cvelistv5

Published

2008-12-17 23:00

Modified

2024-08-07 10:56

Severity ?

CWE

Summary

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."

References

URL

Tags

	http://www.securityfocus.com/bid/32882	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512	vdb-entry, signature, x_refsource_OVAL
	http://secunia.com/advisories/33408	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1697	vendor-advisory, x_refsource_DEBIAN
	https://bugzilla.mozilla.org/show_bug.cgi?id=458248	x_refsource_MISC
	http://www.securitytracker.com/id?1021427	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/690-3/	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/33205	third-party-advisory, x_refsource_SECUNIA
	http://www.mozilla.org/security/announce/2008/mfsa2008-64.html	x_refsource_CONFIRM
	http://secunia.com/advisories/33421	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33232	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2008-1036.html	vendor-advisory, x_refsource_REDHAT
	http://www.vupen.com/english/advisories/2009/0977	vdb-entry, x_refsource_VUPEN
	http://www.ubuntu.com/usn/usn-690-2	vendor-advisory, x_refsource_UBUNTU
	http://www.ubuntu.com/usn/usn-701-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/33231	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/47412	vdb-entry, x_refsource_XF
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:245	vendor-advisory, x_refsource_MANDRIVA
	https://usn.ubuntu.com/690-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=MDVSA-2009:012	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/33203	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33433	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1707	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33216	third-party-advisory, x_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	vendor-advisory, x_refsource_SUNALERT
	http://www.redhat.com/support/errata/RHSA-2008-1037.html	vendor-advisory, x_refsource_REDHAT
	http://www.debian.org/security/2009/dsa-1704	vendor-advisory, x_refsource_DEBIAN
	http://www.debian.org/security/2009/dsa-1696	vendor-advisory, x_refsource_DEBIAN
	http://secunia.com/advisories/33204	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-701-2	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/33184	third-party-advisory, x_refsource_SECUNIA
	http://www.redhat.com/support/errata/RHSA-2009-0002.html	vendor-advisory, x_refsource_REDHAT
	http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1	vendor-advisory, x_refsource_SUNALERT
	http://www.mandriva.com/security/advisories?name=MDVSA-2008:244	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/33415	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33188	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33523	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/35080	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33547	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33434	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/33189	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/34501	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:56:46.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32882",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32882"
          },
          {
            "name": "oval:org.mitre.oval:def:10512",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512"
          },
          {
            "name": "33408",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33408"
          },
          {
            "name": "DSA-1697",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1697"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=458248"
          },
          {
            "name": "1021427",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1021427"
          },
          {
            "name": "USN-690-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/690-3/"
          },
          {
            "name": "33205",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33205"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html"
          },
          {
            "name": "33421",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33421"
          },
          {
            "name": "33232",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33232"
          },
          {
            "name": "RHSA-2008:1036",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html"
          },
          {
            "name": "ADV-2009-0977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0977"
          },
          {
            "name": "USN-690-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-690-2"
          },
          {
            "name": "USN-701-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-701-1"
          },
          {
            "name": "33231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33231"
          },
          {
            "name": "mozilla-xmlhttprequest-302-info-disclosure(47412)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47412"
          },
          {
            "name": "MDVSA-2008:245",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245"
          },
          {
            "name": "USN-690-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/690-1/"
          },
          {
            "name": "MDVSA-2009:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012"
          },
          {
            "name": "33203",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33203"
          },
          {
            "name": "33433",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33433"
          },
          {
            "name": "DSA-1707",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1707"
          },
          {
            "name": "33216",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33216"
          },
          {
            "name": "256408",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
          },
          {
            "name": "RHSA-2008:1037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html"
          },
          {
            "name": "DSA-1704",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1704"
          },
          {
            "name": "DSA-1696",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1696"
          },
          {
            "name": "33204",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33204"
          },
          {
            "name": "USN-701-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-701-2"
          },
          {
            "name": "33184",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33184"
          },
          {
            "name": "RHSA-2009:0002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html"
          },
          {
            "name": "258748",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1"
          },
          {
            "name": "MDVSA-2008:244",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244"
          },
          {
            "name": "33415",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33415"
          },
          {
            "name": "33188",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33188"
          },
          {
            "name": "33523",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33523"
          },
          {
            "name": "35080",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35080"
          },
          {
            "name": "33547",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33547"
          },
          {
            "name": "33434",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33434"
          },
          {
            "name": "33189",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33189"
          },
          {
            "name": "34501",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34501"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka \"response disclosure.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "32882",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32882"
        },
        {
          "name": "oval:org.mitre.oval:def:10512",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512"
        },
        {
          "name": "33408",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33408"
        },
        {
          "name": "DSA-1697",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1697"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=458248"
        },
        {
          "name": "1021427",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1021427"
        },
        {
          "name": "USN-690-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/690-3/"
        },
        {
          "name": "33205",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33205"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html"
        },
        {
          "name": "33421",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33421"
        },
        {
          "name": "33232",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33232"
        },
        {
          "name": "RHSA-2008:1036",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html"
        },
        {
          "name": "ADV-2009-0977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0977"
        },
        {
          "name": "USN-690-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-690-2"
        },
        {
          "name": "USN-701-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-701-1"
        },
        {
          "name": "33231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33231"
        },
        {
          "name": "mozilla-xmlhttprequest-302-info-disclosure(47412)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47412"
        },
        {
          "name": "MDVSA-2008:245",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245"
        },
        {
          "name": "USN-690-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/690-1/"
        },
        {
          "name": "MDVSA-2009:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012"
        },
        {
          "name": "33203",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33203"
        },
        {
          "name": "33433",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33433"
        },
        {
          "name": "DSA-1707",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1707"
        },
        {
          "name": "33216",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33216"
        },
        {
          "name": "256408",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"
        },
        {
          "name": "RHSA-2008:1037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html"
        },
        {
          "name": "DSA-1704",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1704"
        },
        {
          "name": "DSA-1696",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1696"
        },
        {
          "name": "33204",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33204"
        },
        {
          "name": "USN-701-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-701-2"
        },
        {
          "name": "33184",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33184"
        },
        {
          "name": "RHSA-2009:0002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html"
        },
        {
          "name": "258748",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1"
        },
        {
          "name": "MDVSA-2008:244",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244"
        },
        {
          "name": "33415",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33415"
        },
        {
          "name": "33188",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33188"
        },
        {
          "name": "33523",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33523"
        },
        {
          "name": "35080",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35080"
        },
        {
          "name": "33547",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33547"
        },
        {
          "name": "33434",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33434"
        },
        {
          "name": "33189",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33189"
        },
        {
          "name": "34501",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34501"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2008-5506",
    "datePublished": "2008-12-17T23:00:00.000Z",
    "dateReserved": "2008-12-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:56:46.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-606

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Ces vulnérabilités peuvent être exploitées afin de réaliser un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été découvertes dans les produits Mozilla :

Firefox : : les vulnérabilités sont, pour la plupart, dues à une mauvaise gestion du langage Javascript. Ces vulnérabilités peuvent être exploitées afin, entre autre, de contourner la politique de sécurité, réaliser une injection de code indirecte, ou d'exécuter du code arbitraire à distance.

Thunderbird : : l'exploitation des vulnérabilités découvertes permet d'accéder à des informations sensibles, de conduire des attaques par injection de code indirecte, ou d'exécuter du code arbitraire à distance.

SeaMonkey : : l'exploitation des vulnérabilités découvertes permet d'accéder à des informations sensibles, de conduire des attaques par injection de code indirecte, ou d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La nouvelle version de Thunderbird n'est pas encore disponible. En attendant, le CERTA recommande d'utiliser un client de messagerie alternatif.

None

Impacted products

Vendor	Product	Description
Mozilla	N/A	Mozilla SeaMonkey versions inférieures à la version 1.1.14.
Mozilla	Firefox	Mozilla Firefox versions inférieures à la version 3.0.5 ;
Mozilla	Thunderbird	Mozilla Thunderbird versions inférieures à la version 2.0.0.19 ;

References

Title

Publication Time

Tags

Bulletins de sécurité Mozilla du 16 décembre 2008	None	vendor-advisory
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other
Bulletins de sécurité de la fondation Mozilla du 16 décembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla SeaMonkey versions inf\u00e9rieures \u00e0 la version 1.1.14.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Firefox versions inf\u00e9rieures \u00e0 la version 3.0.5 ;",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    },
    {
      "description": "Mozilla Thunderbird versions inf\u00e9rieures \u00e0 la version 2.0.0.19 ;",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla :\n\n**Firefox**\n:   : les vuln\u00e9rabilit\u00e9s sont, pour la plupart, dues \u00e0 une mauvaise\n    gestion du langage Javascript. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre\n    exploit\u00e9es afin, entre autre, de contourner la politique de\n    s\u00e9curit\u00e9, r\u00e9aliser une injection de code indirecte, ou d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance.\n\n**Thunderbird**\n:   : l\u0027exploitation des vuln\u00e9rabilit\u00e9s d\u00e9couvertes permet d\u0027acc\u00e9der \u00e0\n    des informations sensibles, de conduire des attaques par injection\n    de code indirecte, ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n**SeaMonkey**\n:   : l\u0027exploitation des vuln\u00e9rabilit\u00e9s d\u00e9couvertes permet d\u0027acc\u00e9der \u00e0\n    des informations sensibles, de conduire des attaques par injection\n    de code indirecte, ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La nouvelle version de\nThunderbird n\u0027est pas encore disponible. En attendant, le CERTA\nrecommande d\u0027utiliser un client de messagerie alternatif.\n",
  "cves": [
    {
      "name": "CVE-2008-5507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5507"
    },
    {
      "name": "CVE-2008-5510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5510"
    },
    {
      "name": "CVE-2008-5501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5501"
    },
    {
      "name": "CVE-2008-5500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5500"
    },
    {
      "name": "CVE-2008-5502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5502"
    },
    {
      "name": "CVE-2008-5511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5511"
    },
    {
      "name": "CVE-2008-5513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5513"
    },
    {
      "name": "CVE-2008-5512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5512"
    },
    {
      "name": "CVE-2008-5508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5508"
    },
    {
      "name": "CVE-2008-5506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5506"
    },
    {
      "name": "CVE-2008-5503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5503"
    },
    {
      "name": "CVE-2008-5505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5505"
    }
  ],
  "initial_release_date": "2008-12-18T00:00:00",
  "last_revision_date": "2008-12-18T00:00:00",
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-63.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-66.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-60.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-65.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-67.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-69.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-68.html"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de la fondation Mozilla du 16    d\u00e9cembre 2008 :",
      "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-61.html"
    }
  ],
  "reference": "CERTA-2008-AVI-606",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nMozilla. Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es afin de r\u00e9aliser un\ngrand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Mozilla",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Mozilla du 16 d\u00e9cembre 2008",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-5506 (GCVE-0-2008-5506)

Vulnerability from cvelistv5

CERTA-2008-AVI-606

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature