nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
02 Feb 2024, 17:07
Type | Values Removed | Values Added |
---|---|---|
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1696 - Mailing List, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1021186 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/32853 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32713 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32693 - Broken Link, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0976.html - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32715 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32694 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32684 - Broken Link, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 - Broken Link, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1671 - Mailing List, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 - Broken Link, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/3146 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32798 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32845 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32714 - Broken Link, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0977.html - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/33433 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32778 - Broken Link, Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0978.html - Broken Link, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1697 - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/32281 - Broken Link, Third Party Advisory, VDB Entry | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32721 - Broken Link, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1669 - Mailing List, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/0977 - Broken Link, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html - Mailing List, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34501 - Broken Link, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/33434 - Broken Link, Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/32695 - Broken Link, Third Party Advisory | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 - Broken Link, Third Party Advisory | |
CWE | CWE-362 | |
CPE | cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:* cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:* cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:* |
|
First Time |
Suse linux Enterprise Debuginfo
Suse linux Enterprise Desktop Suse Novell open Enterprise Server Fedoraproject fedora Novell Opensuse opensuse Fedoraproject Suse linux Enterprise Server Opensuse Suse linux Enterprise Software Development Kit Novell linux Desktop |
Information
Published : 2008-11-13 11:30
Updated : 2024-02-28 11:21
NVD link : CVE-2008-5021
Mitre link : CVE-2008-5021
CVE.ORG link : CVE-2008-5021
JSON object : View
Products Affected
suse
- linux_enterprise_debuginfo
- linux_enterprise_desktop
- linux_enterprise_software_development_kit
- linux_enterprise_server
opensuse
- opensuse
novell
- linux_desktop
- open_enterprise_server
debian
- debian_linux
mozilla
- seamonkey
- thunderbird
- firefox
canonical
- ubuntu_linux
fedoraproject
- fedora
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')