2
Candidate: CVE-2008-1238
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1238
5
https://usn.ubuntu.com/usn/usn-592-1
7
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating
8
the HTTP Referer header, does not list the entire URL when it contains
9
Basic Authentication credentials without a username, which makes it easier
10
for remote attackers to bypass application protection mechanisms that rely
11
on Referer headers, such as with some Cross-Site Request Forgery (CSRF)
21
upstream_firefox: 2.0.0.13
22
dapper_firefox: released (1.5.dfsg+1.5.0.15~prepatch080323a-0ubuntu1)
23
edgy_firefox: released (2.0.0.13+0nobinonly-0ubuntu0.6.10)
24
feisty_firefox: released (2.0.0.13+0nobinonly-0ubuntu0.7.4)
25
gutsy_firefox: released (2.0.0.13+1nobinonly-0ubuntu0.7.10)
26
hardy_firefox: released (2.0.0.13+1nobinonly-0ubuntu1)
31
upstream_xulrunner: needs-triage
33
edgy_xulrunner: needed (reached end-of-life)
34
feisty_xulrunner: needed (reached end-of-life)
35
gutsy_xulrunner: released (1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
36
hardy_xulrunner: released (1.8.1.13+nobinonly-0ubuntu1)
37
intrepid_xulrunner: released (1.8.1.13+nobinonly-0ubuntu1)
38
devel_xulrunner: released (1.8.1.13+nobinonly-0ubuntu1)
41
upstream_iceape: 1.1.9
45
gutsy_iceape: needed (reached end-of-life)
51
upstream_iceweasel: needs-triage
57
intrepid_iceweasel: DNE
61
upstream_seamonkey: 1.1.9
66
hardy_seamonkey: released (1.1.9+nobinonly-0ubuntu1)
67
intrepid_seamonkey: released (1.1.9+nobinonly-0ubuntu1)
68
devel_seamonkey: released (1.1.9+nobinonly-0ubuntu1)