{ "id": "CVE-2008-5506", "sourceIdentifier": "secalert@redhat.com", "published": "2008-12-17T23:30:00.563", "lastModified": "2018-11-08T20:12:00.137", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka \"response disclosure.\"" }, { "lang": "es", "value": "Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones anteriores a v2.0.0.19, y SeaMonkey 1.x versiones anteriores a v1.1.14 permite a atacantes remotos eludir la pol\u00edtica del mismo origen haciendo que el navegador emita una XMLHttpRequest a un recurso controlado por el atacante que utiliza una redirecci\u00f3n 302 a un recurso en un dominio distinto, y leyendo a continuaci\u00f3n el contenido de la respuesta, tambi\u00e9n conocido como \"revelaci\u00f3n de respuesta\"." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-264" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { 
"vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0", "versionEndExcluding": "2.0.0.19", "matchCriteriaId": "C8B5BCBB-C10E-44E5-8235-01560BD9273C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.0", "versionEndExcluding": "3.0.5", "matchCriteriaId": "867B189D-CF88-41C5-8FBA-893C100BE203" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0", "versionEndExcluding": "1.1.14", "matchCriteriaId": "47BE5CA2-9885-479A-8C9C-E6D5FA2E1C7D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.0", "versionEndExcluding": "2.0.0.19", "matchCriteriaId": "1884DC26-E9BE-43FB-8C7B-2116F4857E7E" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "matchCriteriaId": "5C18C3CD-969B-4AA3-AE3A-BA4A188F8BFF" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "matchCriteriaId": "C91D2DBF-6DA7-4BA2-9F29-8BD2725A4701" }, { "vulnerable": true, "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7" }, { "vulnerable": true, "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639" } ] } ] } ], "references": [ { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1", "source": 
"secalert@redhat.com", "tags": [ "Broken Link" ] }, { "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1", "source": "secalert@redhat.com", "tags": [ "Broken Link" ] }, { "url": "http://www.debian.org/security/2009/dsa-1696", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2009/dsa-1697", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2009/dsa-1704", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.debian.org/security/2009/dsa-1707", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-64.html", "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.securityfocus.com/bid/32882", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "http://www.securitytracker.com/id?1021427", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": 
"http://www.ubuntu.com/usn/usn-690-2", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.ubuntu.com/usn/usn-701-1", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.ubuntu.com/usn/usn-701-2", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.vupen.com/english/advisories/2009/0977", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=458248", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47412", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/690-1/", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://usn.ubuntu.com/690-3/", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] } ] }