CVE-2008-5019 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	2.0 ≤ 𝑥 < 2.0.0.18
mozilla	firefox	3.0 ≤ 𝑥 < 3.0.4
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 released
gutsy	Fixed 2.0.0.18+nobinonly-0ubuntu0.7.10 released
hardy	Fixed 2.0.0.18+nobinonly-0ubuntu0.8.04.1 released
intrepid	dne

firefox-3.0

dapper	dne
gutsy	ignored
hardy	Fixed 3.0.4+nobinonly-0ubuntu0.8.04.1 released
intrepid	Fixed 3.0.4+nobinonly-0ubuntu0.8.10.1 released

iceape

dapper	dne
gutsy	ignored
hardy	dne
intrepid	dne

iceweasel

dapper	dne
gutsy	dne
hardy	dne
intrepid	dne

seamonkey

dapper	dne
gutsy	dne
hardy	Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2 released
intrepid	Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2 released

xulrunner

dapper	dne
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
intrepid	Fixed 1.8.1.16+nobinonly-0ubuntu1 released

xulrunner-1.9

dapper	dne
gutsy	ignored
hardy	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.04.1 released
intrepid	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.10.1 released

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-53.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021184

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-53.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021184

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/buglist.cgi?bug_id=459906%2C460983

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10943

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html