CVE-2008-5012
CVE-2008-5012
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=355126https://bugzilla.mozilla.org/show_bug.cgi?id=451619http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.htmlhttp://scary.beasts.org/security/CESA-2008-009.htmlhttp://secunia.com/advisories/32684http://secunia.com/advisories/32693http://secunia.com/advisories/32694http://secunia.com/advisories/32714http://secunia.com/advisories/32715http://secunia.com/advisories/32778http://secunia.com/advisories/32798