CVE-2008-5012

NONECVSS 0.0

0.0

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon.

🔗 References (74)

secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
secalert@redhathttp://scary.beasts.org/security/CESA-2008-009.html
secalert@redhathttp://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html
secalert@redhathttp://secunia.com/advisories/32684
secalert@redhathttp://secunia.com/advisories/32693
secalert@redhathttp://secunia.com/advisories/32694
secalert@redhathttp://secunia.com/advisories/32714
secalert@redhathttp://secunia.com/advisories/32715
secalert@redhathttp://secunia.com/advisories/32778
secalert@redhathttp://secunia.com/advisories/32798
secalert@redhathttp://secunia.com/advisories/32845
secalert@redhathttp://secunia.com/advisories/32853
secalert@redhathttp://secunia.com/advisories/33433
secalert@redhathttp://secunia.com/advisories/33434
secalert@redhathttp://secunia.com/advisories/34501

Is Your Infrastructure Affected by CVE-2008-5012?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-5012

📅 Published

🔄 Last Modified

🔗 References (74)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-5012?