Unrated severityNVD Advisory· Published Nov 13, 2008· Updated Apr 23, 2026
CVE-2008-5015
CVE-2008-5015
Description
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
Affected products
7cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=3.0.3
- cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
19- www.mozilla.org/security/announce/2008/mfsa2008-51.htmlnvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA08-319A.htmlnvdUS Government Resource
- lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlnvd
- secunia.com/advisories/32695nvd
- secunia.com/advisories/32713nvd
- secunia.com/advisories/32721nvd
- secunia.com/advisories/32778nvd
- secunia.com/advisories/34501nvd
- sunsolve.sun.com/search/document.donvd
- ubuntu.com/usn/usn-667-1nvd
- www.mandriva.com/security/advisoriesnvd
- www.redhat.com/support/errata/RHSA-2008-0978.htmlnvd
- www.securityfocus.com/bid/32281nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/3146nvd
- www.vupen.com/english/advisories/2009/0977nvd
- bugzilla.mozilla.org/show_bug.cginvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11063nvd
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlnvd
News mentions
0No linked articles in our index yet.