1. Home
  2. Vulnerabilities
  3. CVE-2008-5021

CVE-2008-5021

CVSS v2.0 9.3 (High)
93% Progress
EPSS 83.61 % (99th)
83.61% Progress
Affected Products 13
Advisories 10
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Weaknesses
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2008-11-13 11:30:01
(16 years ago)
Updated Date
2024-02-02 17:07:05
(7 months ago)

Affected Products

Canonical

Debian

Fedoraproject

Mozilla

Novell

Opensuse

Suse

Configuration #1

    CPE23 From Up To
  Mozilla Firefox from 2.0 version and prior 2.0.0.18 version cpe:2.3:a:mozilla:firefox >= 2.0 < 2.0.0.18
  Mozilla Firefox from 3.0 version and prior 3.0.4 version cpe:2.3:a:mozilla:firefox >= 3.0 < 3.0.4
  Mozilla Seamonkey from 1.0 version and prior 1.1.13 version cpe:2.3:a:mozilla:seamonkey >= 1.0 < 1.1.13
  Mozilla Thunderbird from 2.0 version and prior 2.0.0.18 version cpe:2.3:a:mozilla:thunderbird >= 2.0 < 2.0.0.18

Configuration #2

    CPE23 From Up To
  Debian Linux 4.0 cpe:2.3:o:debian:debian_linux:4.0

Configuration #3

    CPE23 From Up To
  Canonical Ubuntu Linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts
  Canonical Ubuntu Linux 7.10 cpe:2.3:o:canonical:ubuntu_linux:7.10
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts
  Canonical Ubuntu Linux 8.10 cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #4

    CPE23 From Up To
  Fedoraproject Fedora 8 cpe:2.3:o:fedoraproject:fedora:8
  Fedoraproject Fedora 9 cpe:2.3:o:fedoraproject:fedora:9

Configuration #5

    CPE23 From Up To
  Suse Linux Enterprise Debuginfo 10 SP2 cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2
  Novell Linux Desktop 9 cpe:2.3:o:novell:linux_desktop:9
  Novell Open Enterprise Server cpe:2.3:o:novell:open_enterprise_server:-
  Opensuse 10.2 cpe:2.3:o:opensuse:opensuse:10.2
  Opensuse 10.3 cpe:2.3:o:opensuse:opensuse:10.3
  Opensuse 11.0 cpe:2.3:o:opensuse:opensuse:11.0
  Suse Linux Enterprise Desktop 10 cpe:2.3:o:suse:linux_enterprise_desktop:10:-
  Suse Linux Enterprise Server 9 cpe:2.3:o:suse:linux_enterprise_server:9
  Suse Linux Enterprise Server 10 SP1 cpe:2.3:o:suse:linux_enterprise_server:10:sp1
  Suse Linux Enterprise Software Development Kit 10 SP1 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1
  Suse Linux Enterprise Software Development Kit 10 SP2 cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2