CVE-2008-5023

critical

Description

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

References

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

https://bugzilla.mozilla.org/show_bug.cgi?id=424733

http://www.vupen.com/english/advisories/2009/0977

http://www.vupen.com/english/advisories/2008/3146

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.securitytracker.com/id?1021189

http://www.securityfocus.com/bid/32281

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.mozilla.org/security/announce/2008/mfsa2008-57.html

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.debian.org/security/2008/dsa-1671

http://www.debian.org/security/2008/dsa-1669

http://ubuntu.com/usn/usn-667-1

http://secunia.com/advisories/34501

http://secunia.com/advisories/32853

http://secunia.com/advisories/32845

http://secunia.com/advisories/32778

http://secunia.com/advisories/32721

http://secunia.com/advisories/32714

http://secunia.com/advisories/32713

http://secunia.com/advisories/32695

http://secunia.com/advisories/32694

http://secunia.com/advisories/32693

http://secunia.com/advisories/32684

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

Details

Source: Mitre, NVD

Published: 2008-11-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical