CVE-2008-5021 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:C/I:C/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
mozilla	firefox	2.0 ≤ 𝑥 < 2.0.0.18
mozilla	firefox	3.0 ≤ 𝑥 < 3.0.4
mozilla	seamonkey	1.0 ≤ 𝑥 < 1.1.13
mozilla	thunderbird	2.0 ≤ 𝑥 < 2.0.0.18
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
novell	open_enterprise_server	-
opensuse	opensuse	10.2
opensuse	opensuse	10.3
opensuse	opensuse	11.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

intrepid	dne
hardy	Fixed 2.0.0.18+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.18+nobinonly-0ubuntu0.7.10 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 released

firefox-3.0

intrepid	Fixed 3.0.4+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 3.0.4+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
dapper	dne

iceape

intrepid	dne
hardy	dne
gutsy	ignored
dapper	dne

icedove

intrepid	dne
hardy	dne
gutsy	dne
dapper	dne

iceweasel

intrepid	dne
hardy	dne
gutsy	dne
dapper	dne

mozilla-thunderbird

intrepid	dne
hardy	dne
gutsy	dne
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1 released

seamonkey

intrepid	Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2 released
hardy	Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2 released
gutsy	dne
dapper	dne

thunderbird

intrepid	Fixed 2.0.0.18+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 2.0.0.18+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.18+nobinonly-0ubuntu0.7.10.1 released
dapper	dne

xulrunner

intrepid	Fixed 1.8.1.16+nobinonly-0ubuntu1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
dapper	dne

xulrunner-1.9

intrepid	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
dapper	dne

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32715

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32798

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/33433

http://secunia.com/advisories/33434

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.debian.org/security/2009/dsa-1696

http://www.debian.org/security/2009/dsa-1697

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mandriva.com/security/advisories?name=MDVSA-2008:235

http://www.mozilla.org/security/announce/2008/mfsa2008-55.html

http://www.redhat.com/support/errata/RHSA-2008-0976.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021186

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=460002

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32715

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32798

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/33433

http://secunia.com/advisories/33434

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.debian.org/security/2009/dsa-1696

http://www.debian.org/security/2009/dsa-1697

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mandriva.com/security/advisories?name=MDVSA-2008:235

http://www.mozilla.org/security/announce/2008/mfsa2008-55.html

http://www.redhat.com/support/errata/RHSA-2008-0976.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021186

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=460002

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html