CVE-2008-1238

by Fred · 27/03/2008

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Date published : 2008-03-27

http://www.securityfocus.com/bid/28448

http://www.securityfocus.com/archive/1/490196/100/0/threaded

CVE-2008-1238

Similar

Recent Posts

Categories

CVE-2008-1238

Share this:

Similar

Recent Posts

Categories

Tags