← back
CVE-2008-0593

CVE-2008-0593

EPSS 2.0%
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://browser.netscape.com/releasenotes/http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=397427http://secunia.com/advisories/28754http://secunia.com/advisories/28758http://secunia.com/advisories/28766http://secunia.com/advisories/28815http://secunia.com/advisories/28818http://secunia.com/advisories/28839http://secunia.com/advisories/28864http://secunia.com/advisories/28865http://secunia.com/advisories/28877