Launchpad.net

CVE 2008-0593

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

Related bugs and status

CVE-2008-0593 (Candidate) is related to these bugs:

Bug #195693: [iceape] several vulnerabilities

Summary				In	Importance	Status
	195693	[iceape] several vulnerabilities		iceape (Ubuntu)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.mozilla.org...
CONFIRM: https://bugzilla.mozil...
CONFIRM: http://wiki.rpath.com/...
DEBIAN: DSA-1484
DEBIAN: DSA-1485
DEBIAN: DSA-1489
REDHAT: RHSA-2008:0103
REDHAT: RHSA-2008:0104
REDHAT: RHSA-2008:0105
UBUNTU: USN-576-1
BID: 27683
SECTRACK: 1019341
SECUNIA: 28818
SECUNIA: 28754
SECUNIA: 28758
SECUNIA: 28766
SECUNIA: 28815
SECUNIA: 28839
SECUNIA: 28864
SECUNIA: 28865
SECUNIA: 28877
SECUNIA: 28879
FEDORA: FEDORA-2008-1435
FEDORA: FEDORA-2008-1459
FEDORA: FEDORA-2008-1535
SECUNIA: 28924
SECUNIA: 28939
CONFIRM: http://browser.netscap...
DEBIAN: DSA-1506
MANDRIVA: MDVSA-2008:048
SUSE: SUSE-SA:2008:008
SECUNIA: 28958
SECUNIA: 29049
SECUNIA: 29086
FEDORA: FEDORA-2008-2060
FEDORA: FEDORA-2008-2118
SECUNIA: 29167
CONFIRM: http://support.novell....
SECUNIA: 29567
SECUNIA: 30327
GENTOO: GLSA-200805-18
SUNALERT: 238492
SECUNIA: 30620
VUPEN: ADV-2008-0453
VUPEN: ADV-2008-0627
VUPEN: ADV-2008-1793
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20080209 rPSA-2008-005...