Home > Vulnerability Database > CVE-2008-5023

Mend.io Vulnerability Database

CVE-2008-5023

Date: November 13, 2008

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

Severity Score

7.3

Related Resources (34)

Url: http://secunia.com/advisories/32695

Url: http://secunia.com/advisories/32694

Url: http://secunia.com/advisories/32693

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5023

Url: https://access.redhat.com/security/cve/CVE-2008-5023

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Url: http://secunia.com/advisories/32714

Url: http://secunia.com/advisories/32713

Url: http://www.redhat.com/support/errata/RHSA-2008-0978.html

Url: http://secunia.com/advisories/32778

Url: http://secunia.com/advisories/32853

Url: http://www.securityfocus.com/bid/32281

Url: http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

Url: http://ubuntu.com/usn/usn-667-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5023

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://www.redhat.com/support/errata/RHSA-2008-0977.html

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/32684

Url: http://secunia.com/advisories/34501

Url: http://www.securitytracker.com/id?1021189

Url: http://www.debian.org/security/2008/dsa-1671

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

Url: http://secunia.com/advisories/32845

Url: http://secunia.com/advisories/32721

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-57.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=424733

Url: http://www.vupen.com/english/advisories/2008/3146

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

Url: https://www.mend.io/vulnerability-database/CVE-2008-5023

Severity Score

7.3

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-5023

Date: November 13, 2008

Severity Score

Related Resources (34)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?