New Search

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 Thunderbird 2.x before 2.0.0.19 and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain then reading content from the response aka "response disclosure."

oval:org.mitre.oval:def:10512

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 Thunderbird 2.x before 2.0.0.19 and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain then reading content from the response aka "response disclosure."

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Oracle Linux 5
  • Oracle Linux 4
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
  • CentOS Linux 4
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2008-5506
Product(s):