CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/32684 Broken Link Third Party Advisory
http://secunia.com/advisories/32693 Broken Link Third Party Advisory
http://secunia.com/advisories/32694 Broken Link Third Party Advisory
http://secunia.com/advisories/32695 Broken Link Third Party Advisory
http://secunia.com/advisories/32713 Broken Link Third Party Advisory
http://secunia.com/advisories/32714 Broken Link Third Party Advisory
http://secunia.com/advisories/32715 Broken Link Third Party Advisory
http://secunia.com/advisories/32721 Broken Link Third Party Advisory
http://secunia.com/advisories/32778 Broken Link Third Party Advisory
http://secunia.com/advisories/32798 Broken Link Third Party Advisory
http://secunia.com/advisories/32845 Broken Link Third Party Advisory
http://secunia.com/advisories/32853 Broken Link Third Party Advisory
http://secunia.com/advisories/33433 Broken Link Third Party Advisory
http://secunia.com/advisories/33434 Broken Link Third Party Advisory
http://secunia.com/advisories/34501 Broken Link Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link
http://ubuntu.com/usn/usn-667-1 Third Party Advisory
http://www.debian.org/security/2008/dsa-1669 Mailing List Third Party Advisory
http://www.debian.org/security/2008/dsa-1671 Mailing List Third Party Advisory
http://www.debian.org/security/2009/dsa-1696 Mailing List Third Party Advisory
http://www.debian.org/security/2009/dsa-1697 Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 Broken Link Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0976.html Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0977.html Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0978.html Broken Link Third Party Advisory
http://www.securityfocus.com/bid/32281 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021186 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-319A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/3146 Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977 Broken Link Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=460002 Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Broken Link Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html Mailing List Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*

History

02 Feb 2024, 17:07

Type Values Removed Values Added
CWE CWE-399 CWE-362
CPE cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/32684 - Third Party Advisory () http://secunia.com/advisories/32684 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32693 - Third Party Advisory () http://secunia.com/advisories/32693 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32694 - Third Party Advisory () http://secunia.com/advisories/32694 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32695 - Third Party Advisory () http://secunia.com/advisories/32695 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32713 - Third Party Advisory () http://secunia.com/advisories/32713 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32714 - Third Party Advisory () http://secunia.com/advisories/32714 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32715 - Third Party Advisory () http://secunia.com/advisories/32715 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32721 - Third Party Advisory () http://secunia.com/advisories/32721 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32778 - Third Party Advisory () http://secunia.com/advisories/32778 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32798 - Third Party Advisory () http://secunia.com/advisories/32798 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32845 - Third Party Advisory () http://secunia.com/advisories/32845 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32853 - Third Party Advisory () http://secunia.com/advisories/32853 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/33433 - Third Party Advisory () http://secunia.com/advisories/33433 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/33434 - Third Party Advisory () http://secunia.com/advisories/33434 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/34501 - Third Party Advisory () http://secunia.com/advisories/34501 - Broken Link, Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1669 - Third Party Advisory () http://www.debian.org/security/2008/dsa-1669 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1671 - Third Party Advisory () http://www.debian.org/security/2008/dsa-1671 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2009/dsa-1696 - Third Party Advisory () http://www.debian.org/security/2009/dsa-1696 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2009/dsa-1697 - Third Party Advisory () http://www.debian.org/security/2009/dsa-1697 - Mailing List, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Broken Link, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Broken Link, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0976.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0976.html - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0977.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0977.html - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0978.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0978.html - Broken Link, Third Party Advisory
References () http://www.securityfocus.com/bid/32281 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/32281 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1021186 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1021186 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2008/3146 - Third Party Advisory () http://www.vupen.com/english/advisories/2008/3146 - Broken Link, Third Party Advisory
References () http://www.vupen.com/english/advisories/2009/0977 - Third Party Advisory () http://www.vupen.com/english/advisories/2009/0977 - Broken Link, Third Party Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Broken Link, Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Mailing List, Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Mailing List, Third Party Advisory
First Time Opensuse opensuse
Suse linux Enterprise Desktop
Novell
Suse linux Enterprise Server
Fedoraproject fedora
Novell linux Desktop
Novell open Enterprise Server
Opensuse
Fedoraproject
Suse
Suse linux Enterprise Software Development Kit
Suse linux Enterprise Debuginfo

Information

Published : 2008-11-13 11:30

Updated : 2024-02-02 17:07


NVD link : CVE-2008-5021

Mitre link : CVE-2008-5021

CVE.ORG link : CVE-2008-5021


JSON object : View

Products Affected

mozilla

  • thunderbird
  • seamonkey
  • firefox

novell

  • open_enterprise_server
  • linux_desktop

suse

  • linux_enterprise_desktop
  • linux_enterprise_server
  • linux_enterprise_software_development_kit
  • linux_enterprise_debuginfo

opensuse

  • opensuse

debian

  • debian_linux

fedoraproject

  • fedora

canonical

  • ubuntu_linux
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')