CVE-2008-5023

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.

• CWE-20

• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlThird Party Advisory
• http://secunia.com/advisories/32684Third Party Advisory
• http://secunia.com/advisories/32693Third Party Advisory
• http://secunia.com/advisories/32694Third Party Advisory
• http://secunia.com/advisories/32695Third Party Advisory
• http://secunia.com/advisories/32713Third Party Advisory
• http://secunia.com/advisories/32714Third Party Advisory
• http://secunia.com/advisories/32721Third Party Advisory
• http://secunia.com/advisories/32778Third Party Advisory
• http://secunia.com/advisories/32845Third Party Advisory
• http://secunia.com/advisories/32853Third Party Advisory
• http://secunia.com/advisories/34501Third Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1Broken Link
• http://ubuntu.com/usn/usn-667-1Third Party Advisory
• http://www.debian.org/security/2008/dsa-1669Third Party Advisory
• http://www.debian.org/security/2008/dsa-1671Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:228Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:230Third Party Advisory
• http://www.mozilla.org/security/announce/2008/mfsa2008-57.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0977.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0978.htmlThird Party Advisory
• http://www.securityfocus.com/bid/32281Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1021189Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA08-319A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2008/3146Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0977Third Party Advisory
• https://bugzilla.mozilla.org/show_bug.cgi?id=424733Issue Tracking, Vendor Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908Third Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlThird Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlThird Party Advisory
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlThird Party Advisory
• http://secunia.com/advisories/32684Third Party Advisory
• http://secunia.com/advisories/32693Third Party Advisory
• http://secunia.com/advisories/32694Third Party Advisory
• http://secunia.com/advisories/32695Third Party Advisory
• http://secunia.com/advisories/32713Third Party Advisory
• http://secunia.com/advisories/32714Third Party Advisory
• http://secunia.com/advisories/32721Third Party Advisory
• http://secunia.com/advisories/32778Third Party Advisory
• http://secunia.com/advisories/32845Third Party Advisory
• http://secunia.com/advisories/32853Third Party Advisory
• http://secunia.com/advisories/34501Third Party Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1Broken Link
• http://ubuntu.com/usn/usn-667-1Third Party Advisory
• http://www.debian.org/security/2008/dsa-1669Third Party Advisory
• http://www.debian.org/security/2008/dsa-1671Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:228Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:230Third Party Advisory
• http://www.mozilla.org/security/announce/2008/mfsa2008-57.htmlVendor Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0977.htmlThird Party Advisory
• http://www.redhat.com/support/errata/RHSA-2008-0978.htmlThird Party Advisory
• http://www.securityfocus.com/bid/32281Third Party Advisory, VDB Entry
• http://www.securitytracker.com/id?1021189Third Party Advisory, VDB Entry
• http://www.us-cert.gov/cas/techalerts/TA08-319A.htmlThird Party Advisory, US Government Resource
• http://www.vupen.com/english/advisories/2008/3146Third Party Advisory
• http://www.vupen.com/english/advisories/2009/0977Third Party Advisory
• https://bugzilla.mozilla.org/show_bug.cgi?id=424733Issue Tracking, Vendor Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908Third Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.htmlThird Party Advisory
• https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.htmlThird Party Advisory

Published

Nov 13, 2008

Last Modified

Jun 16, 2026

Status

Modified