CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html	Mailing List Third Party Advisory
http://secunia.com/advisories/32684	Broken Link Third Party Advisory
http://secunia.com/advisories/32693	Broken Link Third Party Advisory
http://secunia.com/advisories/32694	Broken Link Third Party Advisory
http://secunia.com/advisories/32695	Broken Link Third Party Advisory
http://secunia.com/advisories/32713	Broken Link Third Party Advisory
http://secunia.com/advisories/32714	Broken Link Third Party Advisory
http://secunia.com/advisories/32715	Broken Link Third Party Advisory
http://secunia.com/advisories/32721	Broken Link Third Party Advisory
http://secunia.com/advisories/32778	Broken Link Third Party Advisory
http://secunia.com/advisories/32798	Broken Link Third Party Advisory
http://secunia.com/advisories/32845	Broken Link Third Party Advisory
http://secunia.com/advisories/32853	Broken Link Third Party Advisory
http://secunia.com/advisories/33433	Broken Link Third Party Advisory
http://secunia.com/advisories/33434	Broken Link Third Party Advisory
http://secunia.com/advisories/34501	Broken Link Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1	Broken Link
http://ubuntu.com/usn/usn-667-1	Third Party Advisory
http://www.debian.org/security/2008/dsa-1669	Mailing List Third Party Advisory
http://www.debian.org/security/2008/dsa-1671	Mailing List Third Party Advisory
http://www.debian.org/security/2009/dsa-1696	Mailing List Third Party Advisory
http://www.debian.org/security/2009/dsa-1697	Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228	Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230	Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235	Broken Link Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0976.html	Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0977.html	Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0978.html	Broken Link Third Party Advisory
http://www.securityfocus.com/bid/32281	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021186	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-319A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/3146	Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977	Broken Link Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=460002	Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642	Broken Link Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html	Mailing List Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:8:::::::*
	cpe:2.3:o:fedoraproject:fedora:9:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2::::::
	cpe:2.3:o:novell:linux_desktop:9:::::::*
	cpe:2.3:o:novell:open_enterprise_server:-:::::::*
	cpe:2.3:o:opensuse:opensuse:10.2:::::::*
	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:9:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2::::::

History

02 Feb 2024, 17:07

Type	Values Removed	Values Added
First Time		Opensuse opensuse Suse linux Enterprise Desktop Novell Suse linux Enterprise Server Fedoraproject fedora Novell linux Desktop Novell open Enterprise Server Opensuse Fedoraproject Suse Suse linux Enterprise Software Development Kit Suse linux Enterprise Debuginfo
CWE	~~CWE-399~~	CWE-362
CPE		cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:::::: cpe:2.3:o:fedoraproject:fedora:8:::::::* cpe:2.3:o:suse:linux_enterprise_desktop:10:-:::::: cpe:2.3:o:opensuse:opensuse:10.2:::::::* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:::::: cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:::::: cpe:2.3:o:suse:linux_enterprise_server:10:sp1:::::: cpe:2.3:o:novell:open_enterprise_server:-:::::::* cpe:2.3:o:opensuse:opensuse:10.3:::::::* cpe:2.3:o:novell:linux_desktop:9:::::::* cpe:2.3:o:fedoraproject:fedora:9:::::::* cpe:2.3:o:suse:linux_enterprise_server:9:::::::* cpe:2.3:o:opensuse:opensuse:11.0:::::::*
References	~~() http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Mailing List, Third Party Advisory
References	~~() http://secunia.com/advisories/32684 - Third Party Advisory~~	() http://secunia.com/advisories/32684 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32693 - Third Party Advisory~~	() http://secunia.com/advisories/32693 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32694 - Third Party Advisory~~	() http://secunia.com/advisories/32694 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32695 - Third Party Advisory~~	() http://secunia.com/advisories/32695 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32713 - Third Party Advisory~~	() http://secunia.com/advisories/32713 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32714 - Third Party Advisory~~	() http://secunia.com/advisories/32714 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32715 - Third Party Advisory~~	() http://secunia.com/advisories/32715 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32721 - Third Party Advisory~~	() http://secunia.com/advisories/32721 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32778 - Third Party Advisory~~	() http://secunia.com/advisories/32778 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32798 - Third Party Advisory~~	() http://secunia.com/advisories/32798 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32845 - Third Party Advisory~~	() http://secunia.com/advisories/32845 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/32853 - Third Party Advisory~~	() http://secunia.com/advisories/32853 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/33433 - Third Party Advisory~~	() http://secunia.com/advisories/33433 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/33434 - Third Party Advisory~~	() http://secunia.com/advisories/33434 - Broken Link, Third Party Advisory
References	~~() http://secunia.com/advisories/34501 - Third Party Advisory~~	() http://secunia.com/advisories/34501 - Broken Link, Third Party Advisory
References	~~() http://www.debian.org/security/2008/dsa-1669 - Third Party Advisory~~	() http://www.debian.org/security/2008/dsa-1669 - Mailing List, Third Party Advisory
References	~~() http://www.debian.org/security/2008/dsa-1671 - Third Party Advisory~~	() http://www.debian.org/security/2008/dsa-1671 - Mailing List, Third Party Advisory
References	~~() http://www.debian.org/security/2009/dsa-1696 - Third Party Advisory~~	() http://www.debian.org/security/2009/dsa-1696 - Mailing List, Third Party Advisory
References	~~() http://www.debian.org/security/2009/dsa-1697 - Third Party Advisory~~	() http://www.debian.org/security/2009/dsa-1697 - Mailing List, Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Third Party Advisory~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Broken Link, Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Third Party Advisory~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Broken Link, Third Party Advisory
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Third Party Advisory~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Broken Link, Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2008-0976.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2008-0976.html - Broken Link, Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2008-0977.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2008-0977.html - Broken Link, Third Party Advisory
References	~~() http://www.redhat.com/support/errata/RHSA-2008-0978.html - Third Party Advisory~~	() http://www.redhat.com/support/errata/RHSA-2008-0978.html - Broken Link, Third Party Advisory
References	~~() http://www.securityfocus.com/bid/32281 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/32281 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1021186 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id?1021186 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.vupen.com/english/advisories/2008/3146 - Third Party Advisory~~	() http://www.vupen.com/english/advisories/2008/3146 - Broken Link, Third Party Advisory
References	~~() http://www.vupen.com/english/advisories/2009/0977 - Third Party Advisory~~	() http://www.vupen.com/english/advisories/2009/0977 - Broken Link, Third Party Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Third Party Advisory~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Broken Link, Third Party Advisory
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Third Party Advisory~~	() https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Mailing List, Third Party Advisory
References	~~() https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Third Party Advisory~~	() https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Mailing List, Third Party Advisory

Information

Published : 2008-11-13 11:30

Updated : 2024-02-02 17:07

NVD link : CVE-2008-5021

Mitre link : CVE-2008-5021

CVE.ORG link : CVE-2008-5021

JSON object : View

Products Affected

debian

debian_linux

fedoraproject

fedora

opensuse

opensuse

suse

linux_enterprise_desktop
linux_enterprise_software_development_kit
linux_enterprise_server
linux_enterprise_debuginfo

novell

linux_desktop
open_enterprise_server

mozilla

thunderbird
seamonkey
firefox

canonical

ubuntu_linux

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

9.3 /10