Detections
Analytics
CVE-2008-5023
critical
Description
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
References
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908
http://www.vupen.com/english/advisories/2009/0977
http://www.vupen.com/english/advisories/2008/3146
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
http://www.securitytracker.com/id?1021189
http://www.securityfocus.com/bid/32281
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.debian.org/security/2008/dsa-1671
http://www.debian.org/security/2008/dsa-1669
http://ubuntu.com/usn/usn-667-1
http://secunia.com/advisories/34501
http://secunia.com/advisories/32853
http://secunia.com/advisories/32845
http://secunia.com/advisories/32778
http://secunia.com/advisories/32721
http://secunia.com/advisories/32714
http://secunia.com/advisories/32713
http://secunia.com/advisories/32695
http://secunia.com/advisories/32694
http://secunia.com/advisories/32693
http://secunia.com/advisories/32684
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html