Lucene search

[email protected]CVE-2008-5503

HistoryDec 17, 2008 - 11:30 p.m.

CVE-2008-5503

2008-12-1723:30:00

[email protected]

web.nvd.nist.gov

cve-2008-5503

mozilla

firefox

thunderbird

seamonkey

same-domain policy

security check

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

9.6 High

AI Score

Confidence

High

0.044 Low

EPSS

Percentile

92.4%

JSON

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

Affected configurations

NVD

Node

mozillafirefoxRange≤2.0.0.18

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillaseamonkeyRange≤1.1.13

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillathunderbirdRange≤2.0.0.18

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

CPENameOperatorVersion
mozilla:firefoxmozilla firefoxle2.0.0.18
mozilla:firefoxmozilla firefoxeq2.0
mozilla:firefoxmozilla firefoxeq2.0.0.1
mozilla:firefoxmozilla firefoxeq2.0.0.2
mozilla:firefoxmozilla firefoxeq2.0.0.3
mozilla:firefoxmozilla firefoxeq2.0.0.4
mozilla:firefoxmozilla firefoxeq2.0.0.5
mozilla:firefoxmozilla firefoxeq2.0.0.6
mozilla:firefoxmozilla firefoxeq2.0.0.7
mozilla:firefoxmozilla firefoxeq2.0.0.8

CPE	Name	Operator	Version
mozilla:firefox	mozilla firefox	le	2.0.0.18
mozilla:firefox	mozilla firefox	eq	2.0
mozilla:firefox	mozilla firefox	eq	2.0.0.1
mozilla:firefox	mozilla firefox	eq	2.0.0.2
mozilla:firefox	mozilla firefox	eq	2.0.0.3
mozilla:firefox	mozilla firefox	eq	2.0.0.4
mozilla:firefox	mozilla firefox	eq	2.0.0.5
mozilla:firefox	mozilla firefox	eq	2.0.0.6
mozilla:firefox	mozilla firefox	eq	2.0.0.7
mozilla:firefox	mozilla firefox	eq	2.0.0.8