CVE-2008-5503

high

Description

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

References

https://usn.ubuntu.com/690-3/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11423

https://exchange.xforce.ibmcloud.com/vulnerabilities/47409

https://bugzilla.mozilla.org/show_bug.cgi?id=379959

http://www.vupen.com/english/advisories/2009/0977

http://www.ubuntu.com/usn/usn-701-2

http://www.ubuntu.com/usn/usn-701-1

http://www.ubuntu.com/usn/usn-690-2

http://www.securitytracker.com/id?1021424

http://www.securityfocus.com/bid/32882

http://www.redhat.com/support/errata/RHSA-2009-0002.html

http://www.redhat.com/support/errata/RHSA-2008-1037.html

http://www.mozilla.org/security/announce/2008/mfsa2008-61.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

http://www.debian.org/security/2009/dsa-1707

http://www.debian.org/security/2009/dsa-1704

http://www.debian.org/security/2009/dsa-1697

http://www.debian.org/security/2009/dsa-1696

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://secunia.com/advisories/35080

http://secunia.com/advisories/34501

http://secunia.com/advisories/33547

http://secunia.com/advisories/33523

http://secunia.com/advisories/33434

http://secunia.com/advisories/33433

http://secunia.com/advisories/33421

http://secunia.com/advisories/33415

http://secunia.com/advisories/33408

http://secunia.com/advisories/33232

http://secunia.com/advisories/33231

http://secunia.com/advisories/33205

http://secunia.com/advisories/33204

http://secunia.com/advisories/33189

http://secunia.com/advisories/33184

Details

Source: Mitre, NVD

Published: 2008-12-17

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High