CVE-2008-0593

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.

🔗 References (96)

• secalert@redhathttp://browser.netscape.com/releasenotes/
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
• secalert@redhathttp://secunia.com/advisories/28754
• secalert@redhathttp://secunia.com/advisories/28758
• secalert@redhathttp://secunia.com/advisories/28766
• secalert@redhathttp://secunia.com/advisories/28815
• secalert@redhathttp://secunia.com/advisories/28818
• secalert@redhathttp://secunia.com/advisories/28839
• secalert@redhathttp://secunia.com/advisories/28864
• secalert@redhathttp://secunia.com/advisories/28865
• secalert@redhathttp://secunia.com/advisories/28877
• secalert@redhathttp://secunia.com/advisories/28879
• secalert@redhathttp://secunia.com/advisories/28924
• secalert@redhathttp://secunia.com/advisories/28939
• secalert@redhathttp://secunia.com/advisories/28958