CVE-2008-5023

Name of the Vulnerable Software and Affected Versions Firefox versions 3.x before 3.0.4 Firefox versions 2.x before 2.0.0.18 SeaMonkey versions 1.x before 1.1.13

Description The issue allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. Multiple vulnerabilities in various packages of the Debian GNU/Linux operating system can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For Firefox versions 3.x before 3.0.4, update to version 3.0.4 or later. For Firefox versions 2.x before 2.0.0.18, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x before 1.1.13, update to version 1.1.13 or later. As a temporary workaround, consider disabling the use of the -moz-binding CSS property in signed JAR files until a patch is available.