CVE-2008-5506
Published: 17 December 2008
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1)
|
gutsy |
Released
(2.0.0.19+nobinonly1-0ubuntu0.7.10.1)
|
|
hardy |
Released
(2.0.0.19+nobinonly1-0ubuntu0.8.04.1)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(3.0.5+nobinonly-0ubuntu0.8.04.1)
|
|
maverick |
Released
(3.0.5+nobinonly-0ubuntu0.8.04.1)
|
|
natty |
Released
(3.0.5+nobinonly-0ubuntu0.8.04.1)
|
|
upstream |
Released
(2.0.0.19)
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(3.0.5+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(3.0.5+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(3.0.5+nobinonly-0ubuntu1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(3.0.5)
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(1.1.14)
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Released
(1.1.15+nobinonly-0ubuntu0.8.04.2)
|
|
intrepid |
Released
(1.1.15+nobinonly-0ubuntu0.8.10.2)
|
|
jaunty |
Released
(1.1.15+nobinonly-0ubuntu2)
|
|
karmic |
Released
(1.1.15+nobinonly-0ubuntu2)
|
|
lucid |
Released
(1.1.15+nobinonly-0ubuntu2)
|
|
maverick |
Released
(1.1.15+nobinonly-0ubuntu2)
|
|
natty |
Released
(1.1.15+nobinonly-0ubuntu2)
|
|
upstream |
Released
(1.1.14)
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Released
(2.0.0.19+nobinonly-0ubuntu0.7.10.1)
|
|
hardy |
Released
(2.0.0.19+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(2.0.0.19+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(2.0.0.19+nobinonly-0ubuntu1)
|
|
karmic |
Released
(2.0.0.19+nobinonly-0ubuntu1)
|
|
lucid |
Released
(2.0.0.19+nobinonly-0ubuntu1)
|
|
maverick |
Released
(2.0.0.19+nobinonly-0ubuntu1)
|
|
natty |
Released
(2.0.0.19+nobinonly-0ubuntu1)
|
|
upstream |
Released
(2.0.0.19)
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
hardy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1.9.0.5+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.5+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(1.9.0.5+nobinonly-0ubuntu1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5506
- https://ubuntu.com/security/notices/USN-690-3
- https://ubuntu.com/security/notices/USN-690-2
- https://ubuntu.com/security/notices/USN-690-1
- https://ubuntu.com/security/notices/USN-701-1
- https://ubuntu.com/security/notices/USN-701-2
- NVD
- Launchpad
- Debian