1. Home
  2. Vulnerabilities
  3. CVE-2008-5015

CVE-2008-5015

CVSS v2.0 5.1 (Medium)
51% Progress
EPSS 2.30 % (90th)
2.30% Progress
Affected Products 1
Advisories 6
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-11-13 11:30:01
(16 years ago)
Updated Date
2017-09-29 01:32:25
(7 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox 3.0.3 and prior versions cpe:2.3:a:mozilla:firefox <= 3.0.3
  Mozilla Firefox 3.0 cpe:2.3:a:mozilla:firefox:3.0
  Mozilla Firefox 3.0 Alpha cpe:2.3:a:mozilla:firefox:3.0:alpha
  Mozilla Firefox 3.0 Beta2 cpe:2.3:a:mozilla:firefox:3.0:beta2
  Mozilla Firefox 3.0 Beta5 cpe:2.3:a:mozilla:firefox:3.0:beta5
  Mozilla Firefox 3.0.1 cpe:2.3:a:mozilla:firefox:3.0.1
  Mozilla Firefox 3.0.2 cpe:2.3:a:mozilla:firefox:3.0.2