Home > Vulnerability Database > CVE-2008-5506

Mend.io Vulnerability Database

CVE-2008-5506

Date: December 17, 2008

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."

Severity Score

5.6

Related Resources (46)

Url: http://www.ubuntu.com/usn/usn-690-2

Url: https://usn.ubuntu.com/690-1/

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5506

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/33189

Url: http://www.debian.org/security/2009/dsa-1697

Url: https://usn.ubuntu.com/690-3/

Url: http://secunia.com/advisories/33188

Url: http://secunia.com/advisories/33523

Url: http://secunia.com/advisories/33547

Url: http://secunia.com/advisories/33184

Url: http://www.redhat.com/support/errata/RHSA-2008-1036.html

Url: https://access.redhat.com/security/cve/CVE-2008-5506

Url: http://secunia.com/advisories/33205

Url: http://secunia.com/advisories/33204

Url: http://secunia.com/advisories/33203

Url: http://secunia.com/advisories/33421

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=458248

Url: http://www.securityfocus.com/bid/32882

Url: http://secunia.com/advisories/33408

Url: http://www.vupen.com/english/advisories/2009/0977

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10512

Url: http://www.securitytracker.com/id?1021427

Url: http://www.ubuntu.com/usn/usn-701-1

Url: http://secunia.com/advisories/33433

Url: http://www.ubuntu.com/usn/usn-701-2

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/34501

Url: http://secunia.com/advisories/33232

Url: http://secunia.com/advisories/33231

Url: http://secunia.com/advisories/33415

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/47412

Url: http://www.debian.org/security/2009/dsa-1704

Url: http://www.debian.org/security/2009/dsa-1707

Url: http://secunia.com/advisories/33216

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

Url: http://www.redhat.com/support/errata/RHSA-2008-1037.html

Url: http://secunia.com/advisories/35080

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://www.redhat.com/support/errata/RHSA-2009-0002.html

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5506

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-64.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

Url: https://www.mend.io/vulnerability-database/CVE-2008-5506

Severity Score

5.6

Weakness Type (CWE)

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:	5.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-5506

Date: December 17, 2008

Severity Score

Related Resources (46)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?