Unrated severityNVD Advisory· Published Nov 13, 2008· Updated Apr 23, 2026
CVE-2008-5023
CVE-2008-5023
Description
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
30- lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlnvdThird Party Advisory
- secunia.com/advisories/32684nvdThird Party Advisory
- secunia.com/advisories/32693nvdThird Party Advisory
- secunia.com/advisories/32694nvdThird Party Advisory
- secunia.com/advisories/32695nvdThird Party Advisory
- secunia.com/advisories/32713nvdThird Party Advisory
- secunia.com/advisories/32714nvdThird Party Advisory
- secunia.com/advisories/32721nvdThird Party Advisory
- secunia.com/advisories/32778nvdThird Party Advisory
- secunia.com/advisories/32845nvdThird Party Advisory
- secunia.com/advisories/32853nvdThird Party Advisory
- secunia.com/advisories/34501nvdThird Party Advisory
- ubuntu.com/usn/usn-667-1nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1669nvdThird Party Advisory
- www.debian.org/security/2008/dsa-1671nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.mozilla.org/security/announce/2008/mfsa2008-57.htmlnvdVendor Advisory
- www.redhat.com/support/errata/RHSA-2008-0977.htmlnvdThird Party Advisory
- www.redhat.com/support/errata/RHSA-2008-0978.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/32281nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA08-319A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2008/3146nvdThird Party Advisory
- www.vupen.com/english/advisories/2009/0977nvdThird Party Advisory
- bugzilla.mozilla.org/show_bug.cginvdIssue TrackingVendor Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908nvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlnvdThird Party Advisory
- www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlnvdThird Party Advisory
- sunsolve.sun.com/search/document.donvdBroken Link
News mentions
0No linked articles in our index yet.