OpenCVE

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mozilla	Firefox Seamonkey Thunderbird
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:2.0:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.3:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.4:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.5:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.6:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.7:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.8:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.9:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.10:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.11:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.12:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.13:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.14:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.15:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.16:::::::*
	cpe:2.3:a:mozilla:firefox:2.0.0.17:::::::*
	cpe:2.3:a:mozilla:seamonkey::::::::
	cpe:2.3:a:mozilla:seamonkey:1.0:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.0.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1:alpha::::::
	cpe:2.3:a:mozilla:seamonkey:1.1:beta::::::
	cpe:2.3:a:mozilla:seamonkey:1.1.1:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.2:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.3:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.4:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.5:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.6:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.7:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.8:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.9:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.10:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.11:::::::*
	cpe:2.3:a:mozilla:seamonkey:1.1.12:::::::*
	cpe:2.3:a:mozilla:thunderbird::::::::
	cpe:2.3:a:mozilla:thunderbird:2.0.0.0:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.4:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.5:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.6:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.9:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.12:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.14:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.16:::::::*
	cpe:2.3:a:mozilla:thunderbird:2.0.0.17:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 2.1
seamonkey-0:1.0.9-0.25.el2	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2008:1037	2008-12-17T00:00:00Z
Red Hat Enterprise Linux 3
seamonkey-0:1.0.9-0.29.el3	cpe:/o:redhat:enterprise_linux:3	RHSA-2008:1037	2008-12-17T00:00:00Z
Red Hat Enterprise Linux 4
seamonkey-0:1.0.9-32.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2008:1037	2008-12-17T00:00:00Z
thunderbird-0:1.5.0.12-18.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0002	2009-01-07T00:00:00Z
Red Hat Enterprise Linux 5
thunderbird-0:2.0.0.19-1.el5_2	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0002	2009-01-07T00:00:00Z

References

Link	Providers
http://secunia.com/advisories/33184
http://secunia.com/advisories/33189
http://secunia.com/advisories/33204
http://secunia.com/advisories/33205
http://secunia.com/advisories/33231
http://secunia.com/advisories/33232
http://secunia.com/advisories/33408
http://secunia.com/advisories/33415
http://secunia.com/advisories/33421
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/33523
http://secunia.com/advisories/33547
http://secunia.com/advisories/34501
http://secunia.com/advisories/35080
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
http://www.debian.org/security/2009/dsa-1696
http://www.debian.org/security/2009/dsa-1697
http://www.debian.org/security/2009/dsa-1704
http://www.debian.org/security/2009/dsa-1707
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.redhat.com/support/errata/RHSA-2009-0002.html
http://www.securityfocus.com/bid/32882
http://www.securitytracker.com/id?1021424
http://www.ubuntu.com/usn/usn-690-2
http://www.ubuntu.com/usn/usn-701-1
http://www.ubuntu.com/usn/usn-701-2
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=379959
https://exchange.xforce.ibmcloud.com/vulnerabilities/47409
https://nvd.nist.gov/vuln/detail/CVE-2008-5503
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11423
https://usn.ubuntu.com/690-3/
https://www.cve.org/CVERecord?id=CVE-2008-5503

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-12-17T23:00:00

Updated: 2024-08-07T10:56:46.685Z

Reserved: 2008-12-12T00:00:00

Link: CVE-2008-5503

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-12-17T23:30:00.500

Modified: 2024-11-21T00:54:12.417

Link: CVE-2008-5503

Redhat

Severity : Moderate

Publid Date: 2008-12-16T00:00:00Z

Links: CVE-2008-5503 - Bugzilla

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object