Lucene search

[email protected]CVE-2008-5503

HistoryDec 17, 2008 - 11:30 p.m.

CVE-2008-5503

2008-12-1723:30:00

[email protected]

web.nvd.nist.gov

cve-2008-5503

mozilla

firefox

thunderbird

seamonkey

same-domain policy

security check

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

9.6

Confidence

High

EPSS

0.044

Percentile

92.4%

JSON

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

Affected configurations

NVD

Node

mozillafirefoxRange≤2.0.0.18

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillaseamonkeyRange≤1.1.13

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.2

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.5

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.7

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.2

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.4

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillathunderbirdRange≤2.0.0.18

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

VendorProductVersionCPE
mozillafirefox2.0.0.4cpe:/a:mozilla:firefox:2.0.0.4:::
mozillafirefox2.0cpe:/a:mozilla:firefox:2.0:::
mozillaseamonkey1.1.7cpe:/a:mozilla:seamonkey:1.1.7:::
mozillafirefox2.0.0.9cpe:/a:mozilla:firefox:2.0.0.9:::
mozillaseamonkey1.0cpe:/a:mozilla:seamonkey:1.0:::
mozillaseamonkey1.0.2cpe:/a:mozilla:seamonkey:1.0.2:::
mozillaseamonkey1.1.12cpe:/a:mozilla:seamonkey:1.1.12:::
mozillathunderbird2.0.0.4cpe:/a:mozilla:thunderbird:2.0.0.4:::
mozillathunderbird2.0.0.17cpe:/a:mozilla:thunderbird:2.0.0.17:::
mozillafirefox2.0.0.8cpe:/a:mozilla:firefox:2.0.0.8:::

Vendor	Product	Version	CPE
mozilla	firefox	2.0.0.4	cpe:/a:mozilla:firefox:2.0.0.4:::
mozilla	firefox	2.0	cpe:/a:mozilla:firefox:2.0:::
mozilla	seamonkey	1.1.7	cpe:/a:mozilla:seamonkey:1.1.7:::
mozilla	firefox	2.0.0.9	cpe:/a:mozilla:firefox:2.0.0.9:::
mozilla	seamonkey	1.0	cpe:/a:mozilla:seamonkey:1.0:::
mozilla	seamonkey	1.0.2	cpe:/a:mozilla:seamonkey:1.0.2:::
mozilla	seamonkey	1.1.12	cpe:/a:mozilla:seamonkey:1.1.12:::
mozilla	thunderbird	2.0.0.4	cpe:/a:mozilla:thunderbird:2.0.0.4:::
mozilla	thunderbird	2.0.0.17	cpe:/a:mozilla:thunderbird:2.0.0.17:::
mozilla	firefox	2.0.0.8	cpe:/a:mozilla:firefox:2.0.0.8:::