9.3
CVE-2008-5021
- EPSS 25.26%
- Published 13.11.2008 11:30:01
- Last modified 09.04.2025 00:30:58
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
Data is provided by the National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version >= 2.0 < 2.0.0.18
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version8.10
Fedoraproject ≫ Fedora Version8
Fedoraproject ≫ Fedora Version9
Suse ≫ Linux Enterprise Debuginfo Version10 Updatesp2
Novell ≫ Linux Desktop Version9
Novell ≫ Open Enterprise Server Version-
Suse ≫ Linux Enterprise Desktop Version10 Update-
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp1
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp1
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 25.26% | 0.96 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.