CVE-2008-5511

Sažetak

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

Reference

http://www.mozilla.org/security/announce/2008/mfsa2008-68.html
https://bugzilla.mozilla.org/show_bug.cgi?id=451680
https://bugzilla.mozilla.org/show_bug.cgi?id=464174
http://secunia.com/advisories/33231
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33433
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
http://www.ubuntu.com/usn/usn-690-2
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://secunia.com/advisories/33203
http://www.securitytracker.com/id?1021418
http://www.debian.org/security/2009/dsa-1704
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.securityfocus.com/bid/32882
http://secunia.com/advisories/33523
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://secunia.com/advisories/33184
http://secunia.com/advisories/33205
http://secunia.com/advisories/33188
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://secunia.com/advisories/33189
http://secunia.com/advisories/33232
http://secunia.com/advisories/33547
http://secunia.com/advisories/33216
http://www.debian.org/security/2009/dsa-1707
http://secunia.com/advisories/33204
http://www.redhat.com/support/errata/RHSA-2009-0002.html
http://secunia.com/advisories/33421
http://secunia.com/advisories/33434
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
http://secunia.com/advisories/35080
http://www.ubuntu.com/usn/usn-701-2
http://www.ubuntu.com/usn/usn-701-1
http://secunia.com/advisories/33408
http://secunia.com/advisories/33415
https://exchange.xforce.ibmcloud.com/vulnerabilities/47417
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881
https://usn.ubuntu.com/690-3/
https://usn.ubuntu.com/690-1/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

13-02-2023 - 02:19

Objavljeno

17-12-2008 - 23:30