CVE-2008-5507

Published: 17 December 2008

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.19)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.5)
iceape
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.14)
iceweasel
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.19)
mozilla-thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.14)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.19)
xulrunner
Launchpad, Ubuntu, Debian
Upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream Needs triage