FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-5507

This CVE name corresponds to:

Entered	Topic
2008-12-19	mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-5507 at cve.mitre.org

Details

Type	Candidate
Name	CVE-2008-5507
Phase	Assigned(20081212)

Description

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

References

Source	Reference
BUGTRAQ	20081218 Firefox cross-domain text theft (CESA-2008-011)
MISC	https://bugzilla.mozilla.org/show_bug.cgi?id=461735
MISC	http://scary.beasts.org/security/CESA-2008-011.html
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
DEBIAN	DSA-1697
DEBIAN	DSA-1704
DEBIAN	DSA-1707
DEBIAN	DSA-1696
MANDRIVA	MDVSA-2008:245
MANDRIVA	MDVSA-2009:012
MANDRIVA	MDVSA-2008:244
REDHAT	RHSA-2008:1036
REDHAT	RHSA-2008:1037
REDHAT	RHSA-2009:0002
SUNALERT	256408
SUNALERT	258748
UBUNTU	USN-690-1
UBUNTU	USN-690-2
UBUNTU	USN-690-3
UBUNTU	USN-701-1
UBUNTU	USN-701-2
BID	32882
OVAL	oval:org.mitre.oval:def:9376
SECTRACK	1021423
SECUNIA	33231
SECUNIA	33433
SECUNIA	33216
SECUNIA	33232
SECUNIA	33523
SECUNIA	33547
SECUNIA	33184
SECUNIA	33188
SECUNIA	33189
SECUNIA	33203
SECUNIA	33204
SECUNIA	33205
SECUNIA	33421
SECUNIA	33434
SECUNIA	34501
SECUNIA	35080
SECUNIA	33408
SECUNIA	33415
VUPEN	ADV-2009-0977
XF	mozilla-javascripturl-infor-disclosure(47413)