CVE-2008-5506

Priority
Low
Description
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x
before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to
bypass the same origin policy by causing the browser to issue an
XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect
to a resource in a different domain, then reading content from the
response, aka "response disclosure."
References
Package
Upstream:released (3.0.5)
Package
Upstream:needs-triage
Package
Upstream:released (2.0.0.19)
Package
Upstream:released (1.1.14)
Package
Upstream:released (1.1.14)
Package
Upstream:released (2.0.0.19)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:34:26 UTC (commit 9756)