CVE-2008-1238 (retired)

Priority
Description
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating
the HTTP Referer header, does not list the entire URL when it contains
Basic Authentication credentials without a username, which makes it easier
for remote attackers to bypass application protection mechanisms that rely
on Referer headers, such as with some Cross-Site Request Forgery (CSRF)
mechanisms.
Package
Upstream:released (2.0.0.13)
Package
Upstream:released (1.1.9)
Package
Upstream:needs-triage
Package
Upstream:released (1.1.9)
Package
Upstream:needs-triage
More Information

Updated: 2019-08-23 08:32:40 UTC (commit 436fd4ed4cf0038ddd382cb8649607ace163dda7)