Lucene search
Ubuntu.comUB:CVE-2008-1238HistoryMar 27, 2008 - 12:00 a.m.
CVE-2008-1238
2008-03-2700:00:00
ubuntu.com
ubuntu.com
12
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
0.009
Percentile
82.8%
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating
the HTTP Referer header, does not list the entire URL when it contains
Basic Authentication credentials without a username, which makes it easier
for remote attackers to bypass application protection mechanisms that rely
on Referer headers, such as with some Cross-Site Request Forgery (CSRF)
mechanisms.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1 | UNKNOWN |
| ubuntu | 6.10 | noarch | firefox | < 2.0.0.13+0nobinonly-0ubuntu0.6.10 | UNKNOWN |
| ubuntu | 7.04 | noarch | firefox | < 2.0.0.13+0nobinonly-0ubuntu0.7.4 | UNKNOWN |
| ubuntu | 7.10 | noarch | firefox | < 2.0.0.13+1nobinonly-0ubuntu0.7.10 | UNKNOWN |
| ubuntu | 8.04 | noarch | firefox | < 2.0.0.13+1nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 8.04 | noarch | seamonkey | < 1.1.9+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 8.10 | noarch | seamonkey | < 1.1.9+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 7.10 | noarch | xulrunner | < 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | xulrunner | < 1.8.1.13+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 8.10 | noarch | xulrunner | < 1.8.1.13+nobinonly-0ubuntu1 | UNKNOWN |
Related
prion
prion
Cross site request forgery (csrf)
2008-03-27 10:44:00
cve
cve
CVE-2008-1238
2008-03-27 10:44:00
nvd
nvd
CVE-2008-1238
2008-03-27 10:44:00
mozilla
mozilla
HTTP Referrer spoofing with malformed URLs — Mozilla
2008-03-25 00:00:00
cvelist
cvelist
CVE-2008-1238
2008-03-27 10:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-16
2008-03-26 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2008-03-28 00:00:00
veracode
veracode
Access Control Bypass
2020-04-10 00:22:22
openvas
openvas
Mozilla Firefox, Thunderbird, Seamonkey: Multiple Vulnerabilities (MFSA2008-14) - Linux
2008-06-17 00:00:00
CentOS Update for thunderbird CESA-2008:0209 centos4 x86_64
2009-02-27 00:00:00
CentOS Update for firefox CESA-2008:0207 centos4 i386
2009-02-27 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2008-04-03 00:00:00
firefox security update
2008-03-27 00:00:00
seamonkey security update
2008-03-28 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: galeon-2.0.3-16.fc7
2008-03-26 17:11:47
[SECURITY] Fedora 8 Update: epiphany-2.20.3-2.fc8
2008-03-26 17:14:06
[SECURITY] Fedora 8 Update: gnome-web-photo-0.3-9.fc8
2008-03-26 17:14:06
nessus
nessus
redhat
redhat
(RHSA-2008:0207) Critical: firefox security update
2008-03-26 00:00:00
(RHSA-2008:0209) Moderate: thunderbird security update
2008-04-03 00:00:00
(RHSA-2008:0208) Critical: seamonkey security update
2008-03-27 00:00:00
centos
centos
firefox security update
2008-03-27 14:36:53
thunderbird security update
2008-04-10 17:03:24
seamonkey security update
2008-03-28 11:28:19
seebug
seebug
Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.13版本修复多个安全漏洞
2008-03-31 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-03-26 00:00:00
suse
suse
remote code execution in MozillaFirefox
2008-04-04 15:01:05
ubuntu
ubuntu
Firefox vulnerabilities
2008-03-26 00:00:00
osv
osv
debian
debian
[SECURITY] [DSA 1534-2] New iceape packages fix regression
2008-04-24 21:02:40
[SECURITY] [DSA 1534-1] New iceape packages fix several vulnerabilities
2008-03-28 13:48:02
[SECURITY] [DSA 1535-1] New iceweasel packages fix several vulnerabilities
2008-03-30 12:22:31
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
0.009
Percentile
82.8%
Related for UB:CVE-2008-1238