CVE-2008-5023 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 94%

Vendor	Product	Version
mozilla	firefox	2.0 ≤ 𝑥 < 2.0.0.18
mozilla	firefox	3.0 ≤ 𝑥 < 3.0.4
mozilla	seamonkey	1.0 ≤ 𝑥 < 1.1.13
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

intrepid	dne
hardy	Fixed 2.0.0.18+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.18+nobinonly-0ubuntu0.7.10 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 released

firefox-3.0

intrepid	Fixed 3.0.4+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 3.0.4+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
dapper	dne

iceape

intrepid	dne
hardy	dne
gutsy	ignored
dapper	dne

iceweasel

intrepid	dne
hardy	dne
gutsy	dne
dapper	dne

seamonkey

intrepid	Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2 released
hardy	Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2 released
gutsy	dne
dapper	dne

xulrunner

intrepid	Fixed 1.8.1.16+nobinonly-0ubuntu1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
dapper	dne

xulrunner-1.9

intrepid	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
dapper	dne

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-57.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021189

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=424733

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-57.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021189

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=424733

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html