CVE-2008-5508

Published: 17 December 2008

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.19)
firefox-3.0
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.5)
iceape
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.14)
mozilla-thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (1.1.14)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.0.19)
xulrunner
Launchpad, Ubuntu, Debian
Upstream Needs triage

xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream Needs triage