Unrated severityNVD Advisory· Published Feb 9, 2008· Updated Apr 23, 2026
CVE-2008-0593
CVE-2008-0593
Description
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems.
Affected products
37cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=2.0.0.11
- cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*+ 26 more
- cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:alpha:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:beta:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:*:dev:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.0.99:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:1.1.16:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
48- secunia.com/advisories/28754nvdVendor Advisory
- secunia.com/advisories/28758nvdVendor Advisory
- secunia.com/advisories/28766nvdVendor Advisory
- secunia.com/advisories/28815nvdVendor Advisory
- secunia.com/advisories/28818nvdVendor Advisory
- secunia.com/advisories/28839nvdVendor Advisory
- secunia.com/advisories/28864nvdVendor Advisory
- secunia.com/advisories/28865nvdVendor Advisory
- secunia.com/advisories/28877nvdVendor Advisory
- secunia.com/advisories/28879nvdVendor Advisory
- secunia.com/advisories/28924nvdVendor Advisory
- secunia.com/advisories/28939nvdVendor Advisory
- secunia.com/advisories/28958nvdVendor Advisory
- secunia.com/advisories/29049nvdVendor Advisory
- secunia.com/advisories/29086nvdVendor Advisory
- secunia.com/advisories/29167nvdVendor Advisory
- secunia.com/advisories/29567nvdVendor Advisory
- secunia.com/advisories/30327nvdVendor Advisory
- secunia.com/advisories/30620nvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0103.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0104.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0105.htmlnvdVendor Advisory
- www.vupen.com/english/advisories/2008/0453/referencesnvdVendor Advisory
- www.vupen.com/english/advisories/2008/0627/referencesnvdVendor Advisory
- www.vupen.com/english/advisories/2008/1793/referencesnvdVendor Advisory
- browser.netscape.com/releasenotes/nvd
- lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlnvd
- sunsolve.sun.com/search/document.donvd
- support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.htmlnvd
- wiki.rpath.com/Advisories:rPSA-2008-0051nvd
- www.debian.org/security/2008/dsa-1484nvd
- www.debian.org/security/2008/dsa-1485nvd
- www.debian.org/security/2008/dsa-1489nvd
- www.debian.org/security/2008/dsa-1506nvd
- www.gentoo.org/security/en/glsa/glsa-200805-18.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2008/mfsa2008-10.htmlnvd
- www.securityfocus.com/archive/1/487826/100/0/threadednvd
- www.securityfocus.com/bid/27683nvd
- www.securitytracker.com/idnvd
- www.ubuntu.com/usn/usn-576-1nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10075nvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.htmlnvd
- www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.htmlnvd
News mentions
0No linked articles in our index yet.