CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.
Affected products
n/a · n/a
References
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html
http://rhn.redhat.com/errata/RHSA-2008-0208.html
http://secunia.com/advisories/29391
http://secunia.com/advisories/29526
http://secunia.com/advisories/29539
http://secunia.com/advisories/29541
http://secunia.com/advisories/29547
http://secunia.com/advisories/29550
http://secunia.com/advisories/29558
http://secunia.com/advisories/29560
http://secunia.com/advisories/29607
http://secunia.com/advisories/29616