Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5015

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-5015
Last Modified 30 Oct 2012 11:06:30
Published 13 Nov 2008 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-5015

Summary

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

Vulnerable Systems

Application

  • Mozilla Firefox 3.0

  • Mozilla Firefox 3.0.1

  • Mozilla Firefox 3.0.2

  • Mozilla Firefox 3.0.3


References

CERT - TA08-319A

FEDORA - FEDORA-2008-9669

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=447579

VUPEN - ADV-2009-0977

VUPEN - ADV-2008-3146

SECTRACK - 1021191

BID - 32281

REDHAT - RHSA-2008:0978

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-51.html

SUNALERT - 256408

SECUNIA - 34501

SECUNIA - 32721

SECUNIA - 32695

SUSE - SUSE-SA:2008:055

MANDRIVA - MDVSA-2008:230

UBUNTU - USN-667-1

SECUNIA - 32778

SECUNIA - 32713

Related Patches

Novell SUSE 2008:5786 MozillaFirefox security update for SLE 10 i586


Last Updated: 27 May 2016 10:49:46