PT-2008-6936 · Mozilla+3 · Thunderbird+5

Published

1970-01-01

Updated

2024-06-15

CVE-2008-5022

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Firefox versions 3.x through 3.0.3 Firefox versions 2.x through 2.0.0.17 Thunderbird versions 2.x through 2.0.0.17 SeaMonkey versions 1.x through 1.1.12

Description The issue allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. Multiple vulnerabilities in various packages of the Debian GNU/Linux operating system can lead to a violation of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For Firefox versions 3.x through 3.0.3, update to version 3.0.4 or later. For Firefox versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For Thunderbird versions 2.x through 2.0.0.17, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x through 1.1.12, update to version 1.1.13 or later.

Exploit

Fix

Buffer Overflow

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-91CWE-287

Related Identifiers

BDU:2015-02788

BDU:2015-02789

BDU:2015-02790

BDU:2015-02791

BDU:2015-02792

BDU:2015-02793

BDU:2015-02794

BDU:2015-02795

BDU:2015-02796

BDU:2015-02797

CVE-2008-5022

DSA-1669-1

DSA-1671-1

DSA-1696-1

DSA-1697-1

OPENSUSE-SU-2014_1100-1

OPENSUSE-SU-2024:10601-1

RHSA-2008:0976

RHSA-2008:0977

RHSA-2008:0978

RHSA-2008_0976

RHSA-2008_0977

RHSA-2008_0978

Affected Products

Debian

Firefox

Red Hat

Seamonkey

Suse

Thunderbird

PT-2008-6936 · Mozilla+3 · Thunderbird+5

CVE-2008-5022

Weakness Enumeration

Related Identifiers

Affected Products

References · 1470