FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0593

This CVE name corresponds to:

Entered	Topic
2008-02-22	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-0593 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-0593
Phase	Assigned(20080205)

Description

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

References

Source	Reference
BUGTRAQ	20080209 rPSA-2008-0051-1 firefox
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-10.html
CONFIRM	https://bugzilla.mozilla.org/show_bug.cgi?id=397427
CONFIRM	http://wiki.rpath.com/Advisories:rPSA-2008-0051
CONFIRM	http://browser.netscape.com/releasenotes/
CONFIRM	http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
DEBIAN	DSA-1484
DEBIAN	DSA-1485
DEBIAN	DSA-1489
DEBIAN	DSA-1506
FEDORA	FEDORA-2008-1435
FEDORA	FEDORA-2008-1459
FEDORA	FEDORA-2008-1535
FEDORA	FEDORA-2008-2060
FEDORA	FEDORA-2008-2118
GENTOO	GLSA-200805-18
MANDRIVA	MDVSA-2008:048
REDHAT	RHSA-2008:0103
REDHAT	RHSA-2008:0104
REDHAT	RHSA-2008:0105
SUNALERT	238492
SUSE	SUSE-SA:2008:008
UBUNTU	USN-576-1
BID	27683
OVAL	oval:org.mitre.oval:def:10075
VUPEN	ADV-2008-0453
VUPEN	ADV-2008-0627
VUPEN	ADV-2008-1793
SECTRACK	1019341
SECUNIA	28818
SECUNIA	28754
SECUNIA	28758
SECUNIA	28766
SECUNIA	28815
SECUNIA	28839
SECUNIA	28864
SECUNIA	28865
SECUNIA	28877
SECUNIA	28879
SECUNIA	28924
SECUNIA	28939
SECUNIA	28958
SECUNIA	29049
SECUNIA	29086
SECUNIA	29167
SECUNIA	29567
SECUNIA	30327
SECUNIA	30620