CVE-2008-5511

CVSS v2.0 4.3 (Medium)

EPSS 0.90 % (83^th)

Affected Products 5

Advisories 14

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-12-17 23:30:00
(15 years ago)
Updated Date: 2023-02-13 02:19:34
(19 months ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:firefox	>= 2.0	< 2.0.0.19
Mozilla Firefox from 3.0 version and prior 3.0.5 version	cpe:2.3:a:mozilla:firefox	>= 3.0	< 3.0.5
Mozilla Seamonkey from 1.0 version and prior 1.1.14 version	cpe:2.3:a:mozilla:seamonkey	>= 1.0	< 1.1.14
Mozilla Thunderbird from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:thunderbird	>= 2.0	< 2.0.0.19

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::*:lts
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts
	Canonical Ubuntu Linux 8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0