CVE-2008-5511

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=451680	Issue Tracking Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=464174	Issue Tracking Vendor Advisory
http://secunia.com/advisories/33231	Third Party Advisory
http://www.debian.org/security/2009/dsa-1697	Third Party Advisory
http://secunia.com/advisories/33433	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012	Third Party Advisory
http://www.ubuntu.com/usn/usn-690-2	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-1037.html	Third Party Advisory
http://secunia.com/advisories/33203	Third Party Advisory
http://www.securitytracker.com/id?1021418	Third Party Advisory VDB Entry
http://www.debian.org/security/2009/dsa-1704	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244	Third Party Advisory
http://www.securityfocus.com/bid/32882	Third Party Advisory VDB Entry
http://secunia.com/advisories/33523	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245	Third Party Advisory
http://secunia.com/advisories/33184	Third Party Advisory
http://secunia.com/advisories/33205	Third Party Advisory
http://secunia.com/advisories/33188	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-1036.html	Third Party Advisory
http://secunia.com/advisories/33189	Third Party Advisory
http://secunia.com/advisories/33232	Third Party Advisory
http://secunia.com/advisories/33547	Third Party Advisory
http://secunia.com/advisories/33216	Third Party Advisory
http://www.debian.org/security/2009/dsa-1707	Third Party Advisory
http://secunia.com/advisories/33204	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-0002.html	Third Party Advisory
http://secunia.com/advisories/33421	Third Party Advisory
http://secunia.com/advisories/33434	Third Party Advisory
http://www.debian.org/security/2009/dsa-1696	Third Party Advisory
http://secunia.com/advisories/34501	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	Broken Link
http://www.vupen.com/english/advisories/2009/0977	Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1	Broken Link
http://secunia.com/advisories/35080	Third Party Advisory
http://www.ubuntu.com/usn/usn-701-2	Third Party Advisory
http://www.ubuntu.com/usn/usn-701-1	Third Party Advisory
http://secunia.com/advisories/33408	Third Party Advisory
http://secunia.com/advisories/33415	Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47417	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881	Third Party Advisory
https://usn.ubuntu.com/690-3/	Third Party Advisory
https://usn.ubuntu.com/690-1/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:4.0:::::::*

Information

Published : 2008-12-17 15:30

Updated : 2023-02-12 18:19

NVD link : CVE-2008-5511

Mitre link : CVE-2008-5511

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

mozilla

thunderbird
firefox
seamonkey

canonical

ubuntu_linux

debian

debian_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-68.html", "name": "http://www.mozilla.org/security/announce/2008/mfsa2008-68.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=451680", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=451680", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=464174", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=464174", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/33231", "name": "33231", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1697", "name": "DSA-1697", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/33433", "name": "33433", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:012", "name": "MDVSA-2009:012", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.ubuntu.com/usn/usn-690-2", "name": "USN-690-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-1037.html", "name": "RHSA-2008:1037", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/33203", "name": "33203", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securitytracker.com/id?1021418", "name": "1021418", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www.debian.org/security/2009/dsa-1704", "name": "DSA-1704", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:244", "name": "MDVSA-2008:244", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://www.securityfocus.com/bid/32882", "name": "32882", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/33523", "name": "33523", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245", "name": "MDVSA-2008:245", "tags": ["Third Party Advisory"], "refsource": "MANDRIVA"}, {"url": "http://secunia.com/advisories/33184", "name": "33184", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33205", "name": "33205", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33188", "name": "33188", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html", "name": "RHSA-2008:1036", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/33189", "name": "33189", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33232", "name": "33232", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33547", "name": "33547", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33216", "name": "33216", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1707", "name": "DSA-1707", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/33204", "name": "33204", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.redhat.com/support/errata/RHSA-2009-0002.html", "name": "RHSA-2009:0002", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/33421", "name": "33421", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33434", "name": "33434", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1696", "name": "DSA-1696", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://secunia.com/advisories/34501", "name": "34501", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1", "name": "256408", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://www.vupen.com/english/advisories/2009/0977", "name": "ADV-2009-0977", "tags": ["Third Party Advisory"], "refsource": "VUPEN"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1", "name": "258748", "tags": ["Broken Link"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/35080", "name": "35080", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.ubuntu.com/usn/usn-701-2", "name": "USN-701-2", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://www.ubuntu.com/usn/usn-701-1", "name": "USN-701-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/33408", "name": "33408", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33415", "name": "33415", "tags": ["Third Party Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47417", "name": "mozilla-xbl-security-bypass(47417)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881", "name": "oval:org.mitre.oval:def:11881", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://usn.ubuntu.com/690-3/", "name": "USN-690-3", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://usn.ubuntu.com/690-1/", "name": "USN-690-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an \"unloaded document.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-5511", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2008-12-17T23:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.19", "versionStartIncluding": "2.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.0.5", "versionStartIncluding": "3.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.1.14", "versionStartIncluding": "1.0"}, {"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.0.0.19", "versionStartIncluding": "2.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T02:19Z"}

4.3 /10