CVE-2008-1238
Publication date 27 March 2008
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 8.10 intrepid | Not in release |
8.04 LTS hardy |
Fixed 2.0.0.13+1nobinonly-0ubuntu1
|
|
7.10 gutsy |
Fixed 2.0.0.13+1nobinonly-0ubuntu0.7.10
|
|
7.04 feisty |
Fixed 2.0.0.13+0nobinonly-0ubuntu0.7.4
|
|
6.10 edgy |
Fixed 2.0.0.13+0nobinonly-0ubuntu0.6.10
|
|
6.06 LTS dapper |
Fixed 1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1
|
|
iceape | 8.10 intrepid | Not in release |
8.04 LTS hardy | Not in release | |
7.10 gutsy | Ignored end of life, was needed | |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
iceweasel | 8.10 intrepid | Not in release |
8.04 LTS hardy | Not in release | |
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
seamonkey | 8.10 intrepid |
Fixed 1.1.9+nobinonly-0ubuntu1
|
8.04 LTS hardy |
Fixed 1.1.9+nobinonly-0ubuntu1
|
|
7.10 gutsy | Not in release | |
7.04 feisty | Not in release | |
6.10 edgy | Not in release | |
6.06 LTS dapper | Not in release | |
xulrunner | 8.10 intrepid |
Fixed 1.8.1.13+nobinonly-0ubuntu1
|
8.04 LTS hardy |
Fixed 1.8.1.13+nobinonly-0ubuntu1
|
|
7.10 gutsy |
Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
|
|
7.04 feisty | Ignored end of life, was needed | |
6.10 edgy | Ignored end of life, was needed | |
6.06 LTS dapper | Not in release |