CVE-2008-1238

Impact: Moderate
Public Date: 2008-03-25
Bugzilla: 438724: CVE-2008-1238 Referrer spoofing bug

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Find out more about CVE-2008-1238 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 5 (firefox) | RHSA-2008:0207 | 2008-03-27 |
| Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) | RHSA-2008:0209 | 2008-04-03 |
| Red Hat Enterprise Linux 3 (seamonkey) | RHSA-2008:0208 | 2008-03-27 |
| Red Hat Enterprise Linux 5 (thunderbird) | RHSA-2008:0209 | 2008-04-03 |
| Red Hat Enterprise Linux 4 (seamonkey) | RHSA-2008:0208 | 2008-03-27 |
| Red Hat Enterprise Linux 4 (thunderbird) | RHSA-2008:0209 | 2008-04-03 |
| Red Hat Enterprise Linux 2.1 (seamonkey) | RHSA-2008:0208 | 2008-03-27 |
| Red Hat Enterprise Linux 4 (firefox) | RHSA-2008:0207 | 2008-03-27 |
CVE description copyright © 2017, The MITRE Corporation