CVE-2008-5012 (retired)

Priority
Description
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and
SeaMonkey 1.x before 1.1.13 do not properly change the source URI when
processing a canvas element and an HTTP redirect, which allows remote
attackers to bypass the same origin policy and access arbitrary images that
are not directly accessible to the attacker. NOTE: this issue can be
leveraged to enumerate software on the client by performing redirections
related to moz-icon.
Assigned-to
asac
Notes
Package
Upstream:released (2.0.0.18)
Package
Upstream:needs-triage
Package
Upstream:released (1.1.13)
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (1.1.13)
Package
Upstream:released (2.0.0.18)
Package
Upstream:needs-triage
Package
Upstream:released (1.9.0.4)
More Information

Updated: 2019-10-09 07:12:58 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)