Lucene search

[email protected]CVE-2008-5023

HistoryNov 13, 2008 - 11:30 a.m.

CVE-2008-5023

2008-11-1311:30:01

CWE-20

[email protected]

web.nvd.nist.gov

cve-2008-5023

firefox

seamonkey

code execution

css

jar file

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

Affected configurations

NVD

Node

mozillafirefoxRange2.0–2.0.0.18

mozillafirefoxRange3.0–3.0.4

mozillaseamonkeyRange1.0–1.1.13

Node

debiandebian_linuxMatch4.0

Node

canonicalubuntu_linuxMatch6.06lts

canonicalubuntu_linuxMatch7.10

canonicalubuntu_linuxMatch8.04lts

canonicalubuntu_linuxMatch8.10

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxlt2.0.0.18
mozilla:firefoxmozilla firefoxlt3.0.4
mozilla:seamonkeymozilla seamonkeylt1.1.13

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	lt	2.0.0.18
mozilla:firefox	mozilla firefox	lt	3.0.4
mozilla:seamonkey	mozilla seamonkey	lt	1.1.13

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

secunia.com/advisories/32684

secunia.com/advisories/32693

secunia.com/advisories/32694

secunia.com/advisories/32695

secunia.com/advisories/32713

secunia.com/advisories/32714

secunia.com/advisories/32721

secunia.com/advisories/32778

secunia.com/advisories/32845

secunia.com/advisories/32853

secunia.com/advisories/34501

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

ubuntu.com/usn/usn-667-1

www.debian.org/security/2008/dsa-1669

www.debian.org/security/2008/dsa-1671

www.mandriva.com/security/advisories?name=MDVSA-2008:228

www.mandriva.com/security/advisories?name=MDVSA-2008:230

www.mozilla.org/security/announce/2008/mfsa2008-57.html

www.redhat.com/support/errata/RHSA-2008-0977.html

www.redhat.com/support/errata/RHSA-2008-0978.html

www.securityfocus.com/bid/32281

www.securitytracker.com/id?1021189

www.us-cert.gov/cas/techalerts/TA08-319A.html

www.vupen.com/english/advisories/2008/3146

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=424733

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.2%

JSON

Related for CVE-2008-5023

mozilla1 cvelist1 veracode1 securityvulns2 prion1 nvd1 ubuntucve1 openvas112 nessus28 debian1 osv1 fedora39 centos3 oraclelinux2 redhat2 suse1 ubuntu1 freebsd1