CVE-2008-5021

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2008-5021
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html Mailing List Third Party Advisory
http://secunia.com/advisories/32684 Broken Link Third Party Advisory
http://secunia.com/advisories/32693 Broken Link Third Party Advisory
http://secunia.com/advisories/32694 Broken Link Third Party Advisory
http://secunia.com/advisories/32695 Broken Link Third Party Advisory
http://secunia.com/advisories/32713 Broken Link Third Party Advisory
http://secunia.com/advisories/32714 Broken Link Third Party Advisory
http://secunia.com/advisories/32715 Broken Link Third Party Advisory
http://secunia.com/advisories/32721 Broken Link Third Party Advisory
http://secunia.com/advisories/32778 Broken Link Third Party Advisory
http://secunia.com/advisories/32798 Broken Link Third Party Advisory
http://secunia.com/advisories/32845 Broken Link Third Party Advisory
http://secunia.com/advisories/32853 Broken Link Third Party Advisory
http://secunia.com/advisories/33433 Broken Link Third Party Advisory
http://secunia.com/advisories/33434 Broken Link Third Party Advisory
http://secunia.com/advisories/34501 Broken Link Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link
http://ubuntu.com/usn/usn-667-1 Third Party Advisory
http://www.debian.org/security/2008/dsa-1669 Mailing List Third Party Advisory
http://www.debian.org/security/2008/dsa-1671 Mailing List Third Party Advisory
http://www.debian.org/security/2009/dsa-1696 Mailing List Third Party Advisory
http://www.debian.org/security/2009/dsa-1697 Mailing List Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 Broken Link Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 Broken Link Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0976.html Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0977.html Broken Link Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0978.html Broken Link Third Party Advisory
http://www.securityfocus.com/bid/32281 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1021186 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA08-319A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2008/3146 Broken Link Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977 Broken Link Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=460002 Issue Tracking Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Broken Link Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html Mailing List Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
History

02 Feb 2024, 17:07

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/32684 - Third Party Advisory () http://secunia.com/advisories/32684 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32693 - Third Party Advisory () http://secunia.com/advisories/32693 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32694 - Third Party Advisory () http://secunia.com/advisories/32694 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32695 - Third Party Advisory () http://secunia.com/advisories/32695 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32713 - Third Party Advisory () http://secunia.com/advisories/32713 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32714 - Third Party Advisory () http://secunia.com/advisories/32714 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32715 - Third Party Advisory () http://secunia.com/advisories/32715 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32721 - Third Party Advisory () http://secunia.com/advisories/32721 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32778 - Third Party Advisory () http://secunia.com/advisories/32778 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32798 - Third Party Advisory () http://secunia.com/advisories/32798 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32845 - Third Party Advisory () http://secunia.com/advisories/32845 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/32853 - Third Party Advisory () http://secunia.com/advisories/32853 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/33433 - Third Party Advisory () http://secunia.com/advisories/33433 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/33434 - Third Party Advisory () http://secunia.com/advisories/33434 - Broken Link, Third Party Advisory
References () http://secunia.com/advisories/34501 - Third Party Advisory () http://secunia.com/advisories/34501 - Broken Link, Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1669 - Third Party Advisory () http://www.debian.org/security/2008/dsa-1669 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2008/dsa-1671 - Third Party Advisory () http://www.debian.org/security/2008/dsa-1671 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2009/dsa-1696 - Third Party Advisory () http://www.debian.org/security/2009/dsa-1696 - Mailing List, Third Party Advisory
References () http://www.debian.org/security/2009/dsa-1697 - Third Party Advisory () http://www.debian.org/security/2009/dsa-1697 - Mailing List, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Broken Link, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Broken Link, Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Third Party Advisory () http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0976.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0976.html - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0977.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0977.html - Broken Link, Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2008-0978.html - Third Party Advisory () http://www.redhat.com/support/errata/RHSA-2008-0978.html - Broken Link, Third Party Advisory
References () http://www.securityfocus.com/bid/32281 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/32281 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1021186 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1021186 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2008/3146 - Third Party Advisory () http://www.vupen.com/english/advisories/2008/3146 - Broken Link, Third Party Advisory
References () http://www.vupen.com/english/advisories/2009/0977 - Third Party Advisory () http://www.vupen.com/english/advisories/2009/0977 - Broken Link, Third Party Advisory
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Broken Link, Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Mailing List, Third Party Advisory
References () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Mailing List, Third Party Advisory
First Time Suse linux Enterprise Debuginfo
Fedoraproject fedora
Novell linux Desktop
Suse
Novell open Enterprise Server
Suse linux Enterprise Desktop
Suse linux Enterprise Software Development Kit
Opensuse opensuse
Fedoraproject
Novell
Suse linux Enterprise Server
Opensuse
CWE CWE-399 CWE-362
CPE cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
Information

Published : 2008-11-13 11:30

Updated : 2024-02-02 17:07

NVD link : CVE-2008-5021

Mitre link : CVE-2008-5021

CVE.ORG link : CVE-2008-5021

JSON object : View

Products Affected

fedoraproject

  • fedora

suse

  • linux_enterprise_server
  • linux_enterprise_debuginfo
  • linux_enterprise_desktop
  • linux_enterprise_software_development_kit

novell

  • linux_desktop
  • open_enterprise_server

mozilla

  • seamonkey
  • thunderbird
  • firefox

opensuse

  • opensuse

canonical

  • ubuntu_linux

debian

  • debian_linux
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')