[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5511Date: (C)2008-12-17   (M)2024-02-09


Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1021418
SUNALERT-256408
SUNALERT-258748
BID-32882
SECUNIA-33184
SECUNIA-33188
SECUNIA-33189
SECUNIA-33203
SECUNIA-33204
SECUNIA-33205
SECUNIA-33216
SECUNIA-33231
SECUNIA-33232
SECUNIA-33408
SECUNIA-33415
SECUNIA-33421
SECUNIA-33433
SECUNIA-33434
SECUNIA-33523
SECUNIA-33547
SECUNIA-34501
SECUNIA-35080
ADV-2009-0977
DSA-1696
DSA-1697
DSA-1704
DSA-1707
MDVSA-2008:244
MDVSA-2008:245
MDVSA-2009:012
RHSA-2008:1036
RHSA-2008:1037
RHSA-2009:0002
USN-690-1
USN-690-2
USN-690-3
USN-701-1
USN-701-2
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=451680
https://bugzilla.mozilla.org/show_bug.cgi?id=464174
mozilla-xbl-security-bypass(47417)
oval:org.mitre.oval:def:11881

CWE    1
CWE-79
OVAL    21
oval:org.secpod.oval:def:200409
oval:org.secpod.oval:def:600436
oval:org.secpod.oval:def:600343
oval:org.secpod.oval:def:400064
...

© SecPod Technologies