CVE-2008-5023 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
mozilla	firefox	2.0 ≤ 𝑥 < 2.0.0.18
mozilla	firefox	3.0 ≤ 𝑥 < 3.0.4
mozilla	seamonkey	1.0 ≤ 𝑥 < 1.1.13
debian	debian_linux	4.0
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1 released
gutsy	Fixed 2.0.0.18+nobinonly-0ubuntu0.7.10 released
hardy	Fixed 2.0.0.18+nobinonly-0ubuntu0.8.04.1 released
intrepid	dne

firefox-3.0

dapper	dne
gutsy	ignored
hardy	Fixed 3.0.4+nobinonly-0ubuntu0.8.04.1 released
intrepid	Fixed 3.0.4+nobinonly-0ubuntu0.8.10.1 released

iceape

dapper	dne
gutsy	ignored
hardy	dne
intrepid	dne

iceweasel

dapper	dne
gutsy	dne
hardy	dne
intrepid	dne

seamonkey

dapper	dne
gutsy	dne
hardy	Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2 released
intrepid	Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2 released

xulrunner

dapper	dne
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
intrepid	Fixed 1.8.1.16+nobinonly-0ubuntu1 released

xulrunner-1.9

dapper	dne
gutsy	ignored
hardy	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.04.1 released
intrepid	Fixed 1.9.0.4+nobinonly-0ubuntu0.8.10.1 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-57.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021189

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=424733

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html

http://secunia.com/advisories/32684

http://secunia.com/advisories/32693

http://secunia.com/advisories/32694

http://secunia.com/advisories/32695

http://secunia.com/advisories/32713

http://secunia.com/advisories/32714

http://secunia.com/advisories/32721

http://secunia.com/advisories/32778

http://secunia.com/advisories/32845

http://secunia.com/advisories/32853

http://secunia.com/advisories/34501

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://ubuntu.com/usn/usn-667-1

http://www.debian.org/security/2008/dsa-1669

http://www.debian.org/security/2008/dsa-1671

http://www.mandriva.com/security/advisories?name=MDVSA-2008:228

http://www.mandriva.com/security/advisories?name=MDVSA-2008:230

http://www.mozilla.org/security/announce/2008/mfsa2008-57.html

http://www.redhat.com/support/errata/RHSA-2008-0977.html

http://www.redhat.com/support/errata/RHSA-2008-0978.html

http://www.securityfocus.com/bid/32281

http://www.securitytracker.com/id?1021189

http://www.us-cert.gov/cas/techalerts/TA08-319A.html

http://www.vupen.com/english/advisories/2008/3146

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=424733

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9908

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html