Launchpad.net

CVE 2008-1238

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Related bugs and status

CVE-2008-1238 (Candidate) is related to these bugs:

Bug #210155: various outstanding security updates in mozilla universe packages (as of 1.8.1.13)

		In	Importance	Status
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Edgy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Edgy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Feisty)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Feisty)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Gutsy)	High	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Gutsy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Gutsy)	High	Won't Fix
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	iceape (Ubuntu Hardy)	Undecided	Invalid
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	seamonkey (Ubuntu Hardy)	High	Fix Released
210155	various outstanding security updates in mozilla universe packages (as of 1.8.1.13)	xulrunner (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-1238

Related bugs and status

Related bugs

References