CVE-2008-5021

Severity

93%

Complexity

86%

Confidentiality

165%

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 16 years ago

2008-11-13 11:30:00

Last updated 6 years ago

2018-11-02 13:48:00

Affected Software

Mozilla Firefox

Mozilla SeaMonkey

Mozilla Thunderbird

Debian GNU/Linux 4.0

4.0

Canonical Ubuntu Linux 6.06 LTS (Long-Term Support)

6.06

Canonical Ubuntu Linux 7.10

7.10

Canonical Ubuntu Linux 8.04 LTS (Long-Term Support)

8.04

Canonical Ubuntu Linux 8.10

8.10

References

SUSE-SA:2008:055

Third Party Advisory

32684

Third Party Advisory

32693

Third Party Advisory

32694

Third Party Advisory

32695

Third Party Advisory

32713

Third Party Advisory

32714

Third Party Advisory

32715

Third Party Advisory

32721

Third Party Advisory

32778

Third Party Advisory

32798

Third Party Advisory

32845

Third Party Advisory

32853

Third Party Advisory

33433

Third Party Advisory

33434

Third Party Advisory

34501

Third Party Advisory

256408

Broken Link

USN-667-1

Third Party Advisory

DSA-1669

Third Party Advisory

DSA-1671

Third Party Advisory

DSA-1696

Third Party Advisory

DSA-1697

Third Party Advisory

MDVSA-2008:228

Third Party Advisory

MDVSA-2008:230

Third Party Advisory

MDVSA-2008:235

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-55.html

Vendor Advisory

RHSA-2008:0976

Third Party Advisory

RHSA-2008:0977

Third Party Advisory

RHSA-2008:0978

Third Party Advisory

32281

Third Party Advisory, VDB Entry

1021186

Third Party Advisory, VDB Entry

TA08-319A

Third Party Advisory, US Government Resource

ADV-2008-3146

Third Party Advisory

ADV-2009-0977

Third Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=460002

Issue Tracking, Vendor Advisory

oval:org.mitre.oval:def:9642

Third Party Advisory

FEDORA-2008-9667

Third Party Advisory

FEDORA-2008-9669

Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.