Lucene search

PRIOn knowledge basePRION:CVE-2008-5015

HistoryNov 13, 2008 - 11:30 a.m.

Code injection

2008-11-1311:30:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.8%

JSON

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

CPENameOperatorVersion
firefoxeq3.0 beta2
firefoxeq3.0
firefoxeq3.0.1
firefoxeq3.0.2
firefoxeq3.0 beta5
firefoxle3.0.3
firefoxeq3.0 alpha

Name	Operator	Version
firefox	eq	3.0 beta2
firefox	eq	3.0
firefox	eq	3.0.1
firefox	eq	3.0.2
firefox	eq	3.0 beta5
firefox	le	3.0.3
firefox	eq	3.0 alpha

References

lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

secunia.com/advisories/32695

secunia.com/advisories/32713

secunia.com/advisories/32721

secunia.com/advisories/32778

secunia.com/advisories/34501

sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

ubuntu.com/usn/usn-667-1

www.mandriva.com/security/advisories?name=MDVSA-2008:230

www.mozilla.org/security/announce/2008/mfsa2008-51.html

www.redhat.com/support/errata/RHSA-2008-0978.html

www.securityfocus.com/bid/32281

www.securitytracker.com/id?1021191

www.us-cert.gov/cas/techalerts/TA08-319A.html

www.vupen.com/english/advisories/2008/3146

www.vupen.com/english/advisories/2009/0977

bugzilla.mozilla.org/show_bug.cgi?id=447579

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11063

www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html