CVE-2008-5510

MEDIUM

Description

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.

References

http://secunia.com/advisories/33184

http://secunia.com/advisories/33188

http://secunia.com/advisories/33203

http://secunia.com/advisories/33204

http://secunia.com/advisories/33205

http://secunia.com/advisories/33216

http://secunia.com/advisories/33231

http://secunia.com/advisories/33408

http://secunia.com/advisories/33523

http://secunia.com/advisories/34501

http://secunia.com/advisories/35080

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

http://www.debian.org/security/2009/dsa-1707

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

http://www.mozilla.org/security/announce/2008/mfsa2008-67.html

http://www.redhat.com/support/errata/RHSA-2008-1036.html

http://www.securityfocus.com/bid/32882

http://www.securitytracker.com/id?1021425

http://www.ubuntu.com/usn/usn-690-2

http://www.ubuntu.com/usn/usn-701-1

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=228856

https://exchange.xforce.ibmcloud.com/vulnerabilities/47415

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9662

https://usn.ubuntu.com/690-1/

Details

Source: MITRE

Published: 2008-12-17

Updated: 2018-11-08

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM