CVE-2008-5023

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

Published: Nov 13, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5023
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mozilla / firefox	2.0	2.0.0.18
mozilla / firefox	3.0	3.0.4
mozilla / seamonkey	1.0	1.1.13
debian / debian_linux	4.0	4.0.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	7.10	7.10.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	8.10	8.10.x

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32713
http://secunia.com/advisories/32714
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1669
http://www.debian.org/security/2008/dsa-1671
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securityfocus.com/bid/32281
http://www.securitytracker.com/id?1021189
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
http://www.vupen.com/english/advisories/2008/3146
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=424733
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Vulnerability Database

290,206

CVE-2008-5023