[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-5023

Date: (C)2008-11-13   (M)2017-10-04
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

Reference:
SECTRACK-1021189
SUNALERT-256408
BID-32281
SECUNIA-32684
SECUNIA-32693
SECUNIA-32694
SECUNIA-32695
SECUNIA-32713
SECUNIA-32714
SECUNIA-32721
SECUNIA-32778
SECUNIA-32845
SECUNIA-32853
SECUNIA-34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
FEDORA-2008-9667
FEDORA-2008-9669
MDVSA-2008:228
MDVSA-2008:230
RHSA-2008:0977
RHSA-2008:0978
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
https://bugzilla.mozilla.org/show_bug.cgi?id=424733

CPE    86
cpe:/a:mozilla:seamonkey:1.1:beta
cpe:/a:mozilla:seamonkey:1.1.8
cpe:/a:mozilla:seamonkey:1.1.9
cpe:/a:mozilla:seamonkey:1.1.6
...
CWE    1
CWE-20
OVAL    4
oval:org.mitre.oval:def:7740
oval:org.mitre.oval:def:8140
oval:org.secpod.oval:def:301405
oval:org.secpod.oval:def:301255
...

© 2013 SecPod Technologies