Vulnerability DatabaseCVE-2008-5507
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2008-5507
December 17, 2008
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
Related ResourcesĀ (46)
http://secunia.com/advisories/33433
http://secunia.com/advisories/33523
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://secunia.com/advisories/33203
http://secunia.com/advisories/33204
http://www.debian.org/security/2009/dsa-1704
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.debian.org/security/2009/dsa-1707
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html
http://secunia.com/advisories/33205
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/35080
http://www.vupen.com/english/advisories/2009/0977
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
http://secunia.com/advisories/33216
http://www.ubuntu.com/usn/usn-701-1
http://secunia.com/advisories/33408
http://secunia.com/advisories/33421
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5507
http://www.securityfocus.com/archive/1/499353/100/0/threaded
https://access.redhat.com/security/cve/CVE-2008-5507
http://secunia.com/advisories/33547
http://www.ubuntu.com/usn/usn-701-2
http://secunia.com/advisories/33231
http://secunia.com/advisories/33434
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.securityfocus.com/bid/32882
http://secunia.com/advisories/33189
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.ubuntu.com/usn/usn-690-2
https://usn.ubuntu.com/690-1/
https://bugzilla.mozilla.org/show_bug.cgi?id=461735
http://www.redhat.com/support/errata/RHSA-2009-0002.html
https://usn.ubuntu.com/690-3/
http://scary.beasts.org/security/CESA-2008-011.html
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/34501
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413
http://secunia.com/advisories/33184
http://www.securitytracker.com/id?1021423
http://secunia.com/advisories/33232
http://secunia.com/advisories/33188
http://secunia.com/advisories/33415
Do you need more information?
Contact Us
CVSS v4
Base Score:
2.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Exposure of Sensitive Information to an Unauthorized Actor
CWE-200
EPSS
Base Score:
0.53