[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249622

 
 

909

 
 

195549

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-5013Date: (C)2008-11-13   (M)2024-02-09


Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1021181
SUNALERT-256408
BID-32281
SECUNIA-32684
SECUNIA-32693
SECUNIA-32694
SECUNIA-32714
SECUNIA-32778
SECUNIA-32845
SECUNIA-32853
SECUNIA-33433
SECUNIA-34501
ADV-2008-3146
ADV-2009-0977
DSA-1669
DSA-1671
DSA-1697
FEDORA-2008-9667
MDVSA-2008:228
RHSA-2008:0977
SUSE-SA:2008:055
TA08-319A
USN-667-1
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
https://bugzilla.mozilla.org/show_bug.cgi?id=433610
oval:org.mitre.oval:def:9660

CPE    84
cpe:/a:mozilla:firefox:1.5:beta2
cpe:/a:mozilla:firefox:1.5:beta1
cpe:/a:mozilla:seamonkey:1.0.1
cpe:/a:mozilla:seamonkey:1.0.2
...
CWE    1
CWE-399
OVAL    5
oval:org.mitre.oval:def:8140
oval:org.mitre.oval:def:7950
oval:org.secpod.oval:def:301255
oval:org.secpod.oval:def:600503
...

© SecPod Technologies