Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2008-5023
HistoryNov 13, 2008 - 11:30 a.m.

CVE-2008-5023

2008-11-1311:30:01
CWE-20
redhat
web.nvd.nist.gov
61
cve-2008-5023
firefox
seamonkey
code execution
css
jar file
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

Affected configurations

Nvd
Node
mozillafirefoxRange2.02.0.0.18
OR
mozillafirefoxRange3.03.0.4
OR
mozillaseamonkeyRange1.01.1.13
Node
debiandebian_linuxMatch4.0
Node
canonicalubuntu_linuxMatch6.06lts
OR
canonicalubuntu_linuxMatch7.10
OR
canonicalubuntu_linuxMatch8.04lts
OR
canonicalubuntu_linuxMatch8.10
VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
debiandebian_linux4.0cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
canonicalubuntu_linux7.10cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
canonicalubuntu_linux8.10cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

References

Related

cvelist 1
mozilla 1
prion 1
securityvulns 2
nvd 1
veracode 1
ubuntucve 1
openvas 113
debian 1
nessus 27
osv 1
fedora 39
centos 3
oraclelinux 2
redhat 2
suse 1
freebsd 1
ubuntu 1
cvelist
cvelist
CVE-2008-5023
2008-11-13 11:00:00
mozilla
mozilla
-moz-binding property bypasses security checks on codebase principals — Mozilla
2008-11-12 00:00:00
prion
prion
Authentication flaw
2008-11-13 11:30:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-57
2008-11-14 00:00:00
Mozilla Firefox / Thinderbird / Seamonkey multiple security vulnerabilities
2008-11-14 00:00:00
nvd
nvd
CVE-2008-5023
2008-11-13 11:30:01
veracode
veracode
Information Disclosure
2020-04-10 00:27:21
ubuntucve
ubuntucve
CVE-2008-5023
2008-11-13 00:00:00
openvas
openvas
RedHat Update for firefox RHSA-2008:0978-01
2009-03-06 00:00:00
CentOS Update for firefox CESA-2008:0978 centos4 i386
2009-02-27 00:00:00
Debian Security Advisory DSA 1671-1 (iceweasel)
2008-12-03 00:00:00
debian
debian
[SECURITY] [DSA 1671-1] New iceweasel packages fix several vulnerabilities
2008-11-24 21:36:25
nessus
nessus
CentOS 4 / 5 : firefox (CESA-2008:0978)
2010-01-06 00:00:00
Mandriva Linux Security Advisory : firefox (MDVSA-2008:230)
2009-04-23 00:00:00
Firefox 3.0.x < 3.0.4 Multiple Vulnerabilities
2008-11-13 00:00:00
osv
osv
iceweasel - several vulnerabilities
2008-11-24 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: evolution-rss-0.1.0-4.fc9
2008-11-14 12:52:41
[SECURITY] Fedora 9 Update: google-gadgets-0.10.1-5.fc9.1
2008-11-14 12:52:42
[SECURITY] Fedora 9 Update: epiphany-2.22.2-5.fc9
2008-11-14 12:52:41
centos
centos
devhelp, firefox, nss, xulrunner, yelp security update
2008-11-14 23:55:42
seamonkey security update
2008-11-13 06:38:44
seamonkey security update
2008-11-13 14:22:44
oraclelinux
oraclelinux
seamonkey security update
2008-11-13 00:00:00
firefox security update
2008-11-13 00:00:00
redhat
redhat
(RHSA-2008:0978) Critical: firefox security update
2008-11-12 00:00:00
(RHSA-2008:0977) Critical: seamonkey security update
2008-11-12 00:00:00
suse
suse
remote code execution in MozillaFirefox,MozillaThunderbird,seamonkey
2008-11-26 16:19:10
freebsd
freebsd
mozilla -- multiple vulnerabilities
2008-11-13 00:00:00
ubuntu
ubuntu
Firefox and xulrunner vulnerabilities
2008-11-17 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.8

Confidence

High

EPSS

0.008

Percentile

82.2%

JSON
Related for CVE-2008-5023
cvelist1mozilla1prion1securityvulns2nvd1veracode1ubuntucve1openvas113debian1nessus27osv1fedora39centos3oraclelinux2redhat2suse1freebsd1ubuntu1