CVE-2008-5510

CVSS v2.0 5 (Medium)

EPSS 0.52 % (77^th)

Affected Products 5

Advisories 13

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.

Weaknesses

CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-12-17 23:30:00
(15 years ago)
Updated Date: 2018-11-08 20:12:31
(5 years ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:firefox	>= 2.0	< 2.0.0.19
Mozilla Firefox from 3.0 version and prior 3.0.5 version	cpe:2.3:a:mozilla:firefox	>= 3.0	< 3.0.5
Mozilla Seamonkey from 1.0 version and prior 1.1.14 version	cpe:2.3:a:mozilla:seamonkey	>= 1.0	< 1.1.14
Mozilla Thunderbird from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:thunderbird	>= 2.0	< 2.0.0.19

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts
	Canonical Ubuntu Linux 8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0