nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
02 Feb 2024, 17:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Opensuse opensuse
Suse linux Enterprise Desktop Novell Suse linux Enterprise Server Fedoraproject fedora Novell linux Desktop Novell open Enterprise Server Opensuse Fedoraproject Suse Suse linux Enterprise Software Development Kit Suse linux Enterprise Debuginfo |
|
CWE | CWE-362 | |
CPE | cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:* cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* |
|
References | () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/32684 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32693 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32694 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32695 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32713 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32714 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32715 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32721 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32778 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32798 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32845 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/32853 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/33433 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/33434 - Broken Link, Third Party Advisory | |
References | () http://secunia.com/advisories/34501 - Broken Link, Third Party Advisory | |
References | () http://www.debian.org/security/2008/dsa-1669 - Mailing List, Third Party Advisory | |
References | () http://www.debian.org/security/2008/dsa-1671 - Mailing List, Third Party Advisory | |
References | () http://www.debian.org/security/2009/dsa-1696 - Mailing List, Third Party Advisory | |
References | () http://www.debian.org/security/2009/dsa-1697 - Mailing List, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Broken Link, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Broken Link, Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Broken Link, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0976.html - Broken Link, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0977.html - Broken Link, Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0978.html - Broken Link, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/32281 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1021186 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2008/3146 - Broken Link, Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2009/0977 - Broken Link, Third Party Advisory | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Broken Link, Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Mailing List, Third Party Advisory | |
References | () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Mailing List, Third Party Advisory |
Information
Published : 2008-11-13 11:30
Updated : 2024-02-02 17:07
NVD link : CVE-2008-5021
Mitre link : CVE-2008-5021
CVE.ORG link : CVE-2008-5021
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
opensuse
- opensuse
suse
- linux_enterprise_desktop
- linux_enterprise_software_development_kit
- linux_enterprise_server
- linux_enterprise_debuginfo
novell
- linux_desktop
- open_enterprise_server
mozilla
- thunderbird
- seamonkey
- firefox
canonical
- ubuntu_linux
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')