Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21043
HistoryDec 18, 2008 - 12:00 a.m.

Mozilla Foundation Security Advisory 2008-66

2008-12-1800:00:00
vulners.com
34
JSON

Mozilla Foundation Security Advisory 2008-66

Title: Errors parsing URLs with leading whitespace and control characters
Impact: Low
Announced: December 16, 2008
Reporter: Chip Salzenberg
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 3.0.5
Firefox 2.0.0.19
Thunderbird 2.0.0.19
SeaMonkey 1.1.14
Description

Perl developer Chip Salzenberg reported that certain control characters, when placed at the beginning of a URL, would lead to incorrect parsing resulting in a malformed URL being output by the parser. IBM researchers Justin Schuh, Tom Cross, and Peter William also reported a related symptom as part of their research that resulted in MFSA 2008-37.

There was no direct security impact from this issue and its effect was limited to the improper rendering of hyperlinks containing specific characters. The severity of this issue was determined to be low.
References

* Control characters in URL bug
* Leading URL whitespace bug
* CVE-2008-5508

Related

ubuntucve 1
mozilla 1
prion 2
veracode 1
cve 2
ubuntu 3
openvas 111
nessus 36
osv 2
debian 2
fedora 34
redhat 1
oraclelinux 1
centos 2
ubuntucve
ubuntucve
CVE-2008-5508
2008-12-17 00:00:00
mozilla
mozilla
Errors parsing URLs with leading whitespace and control characters — Mozilla
2008-12-16 00:00:00
prion
prion
Design/Logic Flaw
2008-12-17 23:30:00
Design/Logic Flaw
2021-05-26 22:15:00
veracode
veracode
Phishing Attacks
2020-04-10 00:28:11
cve
cve
CVE-2008-5508
2008-12-17 23:30:00
CVE-2008-5509
2021-05-26 22:15:00
ubuntu
ubuntu
Thunderbird vulnerabilities
2009-01-06 00:00:00
Thunderbird vulnerabilities
2009-01-06 00:00:00
Firefox vulnerabilities
2008-12-18 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-701-2)
2009-01-13 00:00:00
Ubuntu USN-701-2 (mozilla-thunderbird)
2009-01-13 00:00:00
Debian Security Advisory DSA 1704-1 (xulrunner)
2009-01-20 00:00:00
nessus
nessus
Debian DSA-1704-1 : xulrunner - several vulnerabilities
2009-01-15 00:00:00
Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-701-2)
2013-03-09 00:00:00
SuSE 10 Security Update : Epiphany (ZYPP Patch Number 5889)
2009-09-24 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-01-14 00:00:00
iceweasel - several vulnerabilities
2009-01-15 00:00:00
debian
debian
[SECURITY] [DSA 1704-1] New xulrunner packages fix several vulnerabilities
2009-01-14 20:28:56
[SECURITY] [DSA 1707-1] New iceweasel packages fix several vulnerabilities
2009-01-15 22:03:27
fedora
fedora
[SECURITY] Fedora 9 Update: seamonkey-1.1.14-1.fc9
2008-12-21 08:44:36
[SECURITY] Fedora 8 Update: seamonkey-1.1.14-1.fc8
2008-12-21 08:25:27
[SECURITY] Fedora 10 Update: seamonkey-1.1.14-1.fc10
2008-12-21 08:40:41
redhat
redhat
(RHSA-2009:0002) Moderate: thunderbird security update
2009-01-07 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2009-01-07 00:00:00
centos
centos
thunderbird security update
2009-01-08 14:35:58
seamonkey security update
2008-12-22 02:56:59
JSON
Related for SECURITYVULNS:DOC:21043
ubuntucve1mozilla1prion2veracode1cve2ubuntu3openvas111nessus36osv2debian2fedora34redhat1oraclelinux1centos2