CVE-2008-5021

Published: Nov 13, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Affected (22)

Products: Mozilla: Firefox, Seamonkey, Thunderbird · Debian: Debian Linux · Canonical: Ubuntu Linux · +4 more

Show all products

3 products

1 product

1 product

1 product

2 products

Open Enterprise Server

Opensuse

1 product

Opensuse

Suse

4 products

Linux Enterprise Debuginfo

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	From 2.0 to 2.0.0.18
Mozilla Firefox	From 3.0 to 3.0.4
Mozilla Seamonkey	From 1.0 to 1.1.13
Mozilla Thunderbird	From 2.0 to 2.0.0.18

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 7.10
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 8
Fedoraproject Fedora	Version 9

Configuration E

11 vulnerable

Vulnerable Software	Affected Versions
Novell Linux Desktop	Version 9
Novell Open Enterprise Server	All versions
Opensuse Opensuse	Version 10.2
Opensuse Opensuse	Version 10.3
Opensuse Opensuse	Version 11.0
Suse Linux Enterprise Debuginfo	Version 10 sp2
Suse Linux Enterprise Desktop	Version 10
Suse Linux Enterprise Server	Version 10 sp1
Suse Linux Enterprise Server	Version 9
Suse Linux Enterprise Software Development Kit	Version 10 sp1
Suse Linux Enterprise Software Development Kit	Version 10 sp2

Related CWEs

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References (76)

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/32684

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32693

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32694

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32695

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32713

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32714

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32715

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32721

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32778

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32798

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32845

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/32853

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/33433

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/33434

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://secunia.com/advisories/34501

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: secalert@redhat.com

Broken Link

http://ubuntu.com/usn/usn-667-1

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2008/dsa-1669

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2008/dsa-1671

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2009/dsa-1696

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.debian.org/security/2009/dsa-1697

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:235

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-55.html

Source: secalert@redhat.com

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0976.html

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0977.html

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0978.html

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.securityfocus.com/bid/32281

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021186

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Source: secalert@redhat.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/3146

Source: secalert@redhat.com

Broken LinkThird Party Advisory

http://www.vupen.com/english/advisories/2009/0977

Source: secalert@redhat.com

Broken LinkThird Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=460002

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642

Source: secalert@redhat.com

Broken LinkThird Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://secunia.com/advisories/32684

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32693

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32694

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32695

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32713

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32714

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32715

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32721

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32778

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32798

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32845

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/32853

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/33433

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/33434

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://secunia.com/advisories/34501

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://ubuntu.com/usn/usn-667-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.debian.org/security/2008/dsa-1669

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.debian.org/security/2008/dsa-1671

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.debian.org/security/2009/dsa-1696

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.debian.org/security/2009/dsa-1697

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:235

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-55.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2008-0976.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0977.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0978.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.securityfocus.com/bid/32281

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1021186

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2008/3146

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

http://www.vupen.com/english/advisories/2009/0977

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=460002

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.