Unrated severityNVD Advisory· Published Nov 13, 2008· Updated Apr 23, 2026
CVE-2008-5022
CVE-2008-5022
Description
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
Affected products
8cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
38- lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlnvdThird Party Advisory
- secunia.com/advisories/32684nvdThird Party Advisory
- secunia.com/advisories/32693nvdThird Party Advisory
- secunia.com/advisories/32694nvdThird Party Advisory
- secunia.com/advisories/32695nvdThird Party Advisory
- secunia.com/advisories/32713nvdThird Party Advisory
- secunia.com/advisories/32714nvdThird Party Advisory
- secunia.com/advisories/32715nvdThird Party Advisory
- secunia.com/advisories/32721nvdThird Party Advisory
- secunia.com/advisories/32778nvdThird Party Advisory
- secunia.com/advisories/32798nvdThird Party Advisory
- secunia.com/advisories/32845nvdThird Party Advisory
- secunia.com/advisories/32853nvdThird Party Advisory
- secunia.com/advisories/33433nvdThird Party Advisory
- secunia.com/advisories/33434nvdThird Party Advisory
- secunia.com/advisories/34501nvdThird Party Advisory
- ubuntu.com/usn/usn-667-1nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1669nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1671nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1696nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1697nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2008/mfsa2008-56.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0976.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0977.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0978.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/32281nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-319A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2008/3146nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/0977nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11186nvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlnvdThird Party Advisory
- sunsolve.sun.com/search/document.donvdBroken Link
News mentions
0No linked articles in our index yet.