CVE-2008-1238 (Firefox, SeaMonkey) |
|
| BugsAlert Home > CVE-2008-1238 (Firefox, SeaMonkey) | |
|
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1238 Learn more about CVE-2008-1238 (Firefox, SeaMonkey) |
|
Related Items |
|
|
CVE-2008-1274 (AIX)
|
|
|
CVE-2008-0706 (hpqflash_for_hp_notebook_system_bios, Presario C700, G7000, Presario A900)
|
|
|
FrSIRT - Microsoft Windows Bluetooth Remote Code Execution (MS08-030)
|
|
|
VU#715737:Mozilla-based browsers jar: URI cross-site scripting vulnerability
|
|
|
TCPreen "SocketAddress::Connect()" and "monitor_bridge()" Overflow
|
|
|
CVE-2008-1294 (Kernel)
|
|
|
FrSIRT - XySSL Security Bypass and Denial of Service Vulnerabilities
|
|
