RedhatCVELIST:CVE-2008-5023CVE-2008-5023
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
References
lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
secunia.com/advisories/32684
secunia.com/advisories/32693
secunia.com/advisories/32694
secunia.com/advisories/32695
secunia.com/advisories/32713
secunia.com/advisories/32714
secunia.com/advisories/32721
secunia.com/advisories/32778
secunia.com/advisories/32845
secunia.com/advisories/32853
secunia.com/advisories/34501
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
ubuntu.com/usn/usn-667-1
www.debian.org/security/2008/dsa-1669
www.debian.org/security/2008/dsa-1671
www.mandriva.com/security/advisories?name=MDVSA-2008:228
www.mandriva.com/security/advisories?name=MDVSA-2008:230
www.mozilla.org/security/announce/2008/mfsa2008-57.html
www.redhat.com/support/errata/RHSA-2008-0977.html
www.redhat.com/support/errata/RHSA-2008-0978.html
www.securityfocus.com/bid/32281
www.securitytracker.com/id?1021189
www.us-cert.gov/cas/techalerts/TA08-319A.html
www.vupen.com/english/advisories/2008/3146
www.vupen.com/english/advisories/2009/0977
bugzilla.mozilla.org/show_bug.cgi?id=424733
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908
www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
Related
