4.3

CVE-2008-5511

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

Data is provided by the National Vulnerability Database (NVD)
MozillaFirefox Version >= 2.0 < 2.0.0.19
MozillaFirefox Version >= 3.0 < 3.0.5
MozillaSeamonkey Version >= 1.0 < 1.1.14
MozillaThunderbird Version >= 2.0 < 2.0.0.19
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
CanonicalUbuntu Linux Version8.10
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.8% 0.811
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/32882
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/690-1/
Third Party Advisory
https://usn.ubuntu.com/690-3/
Third Party Advisory
http://www.securitytracker.com/id?1021418
Third Party Advisory
VDB Entry