CVE-2008-5511 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 81%

Vendor	Product	Version
mozilla	firefox	2.0 ≤ 𝑥 < 2.0.0.19
mozilla	firefox	3.0 ≤ 𝑥 < 3.0.5
mozilla	seamonkey	1.0 ≤ 𝑥 < 1.1.14
mozilla	thunderbird	2.0 ≤ 𝑥 < 2.0.0.19
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	7.10
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
debian	debian_linux	4.0
debian	debian_linux	5.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

firefox

natty	Fixed 3.0.5+nobinonly-0ubuntu0.8.04.1 released
maverick	Fixed 3.0.5+nobinonly-0ubuntu0.8.04.1 released
lucid	Fixed 3.0.5+nobinonly-0ubuntu0.8.04.1 released
karmic	dne
jaunty	dne
intrepid	dne
hardy	Fixed 2.0.0.19+nobinonly1-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.19+nobinonly1-0ubuntu0.7.10.1 released
dapper	Fixed 1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1 released

firefox-3.0

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 3.0.5+nobinonly-0ubuntu1 released
intrepid	Fixed 3.0.5+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 3.0.5+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
dapper	dne

iceape

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	ignored
dapper	dne

mozilla-thunderbird

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	dne
intrepid	dne
hardy	dne
gutsy	dne
dapper	Fixed 1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1 released

seamonkey

natty	Fixed 1.1.15+nobinonly-0ubuntu2 released
maverick	Fixed 1.1.15+nobinonly-0ubuntu2 released
lucid	Fixed 1.1.15+nobinonly-0ubuntu2 released
karmic	Fixed 1.1.15+nobinonly-0ubuntu2 released
jaunty	Fixed 1.1.15+nobinonly-0ubuntu2 released
intrepid	Fixed 1.1.15+nobinonly-0ubuntu0.8.10.2 released
hardy	Fixed 1.1.15+nobinonly-0ubuntu0.8.04.2 released
gutsy	dne
dapper	dne

thunderbird

natty	Fixed 2.0.0.19+nobinonly-0ubuntu1 released
maverick	Fixed 2.0.0.19+nobinonly-0ubuntu1 released
lucid	Fixed 2.0.0.19+nobinonly-0ubuntu1 released
karmic	Fixed 2.0.0.19+nobinonly-0ubuntu1 released
jaunty	Fixed 2.0.0.19+nobinonly-0ubuntu1 released
intrepid	Fixed 2.0.0.19+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 2.0.0.19+nobinonly-0ubuntu0.8.04.1 released
gutsy	Fixed 2.0.0.19+nobinonly-0ubuntu0.7.10.1 released
dapper	dne

xulrunner

natty	dne
maverick	dne
lucid	dne
karmic	ignored
jaunty	ignored
intrepid	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1 released
hardy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1 released
gutsy	Fixed 1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1 released
dapper	dne

xulrunner-1.9

natty	dne
maverick	dne
lucid	dne
karmic	dne
jaunty	Fixed 1.9.0.5+nobinonly-0ubuntu1 released
intrepid	Fixed 1.9.0.5+nobinonly-0ubuntu0.8.10.1 released
hardy	Fixed 1.9.0.5+nobinonly-0ubuntu0.8.04.1 released
gutsy	ignored
dapper	dne

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://secunia.com/advisories/33184

http://secunia.com/advisories/33188

http://secunia.com/advisories/33189

http://secunia.com/advisories/33203

http://secunia.com/advisories/33204

http://secunia.com/advisories/33205

http://secunia.com/advisories/33216

http://secunia.com/advisories/33231

http://secunia.com/advisories/33232

http://secunia.com/advisories/33408

http://secunia.com/advisories/33415

http://secunia.com/advisories/33421

http://secunia.com/advisories/33433

http://secunia.com/advisories/33434

http://secunia.com/advisories/33523

http://secunia.com/advisories/33547

http://secunia.com/advisories/34501

http://secunia.com/advisories/35080

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

http://www.debian.org/security/2009/dsa-1696

http://www.debian.org/security/2009/dsa-1697

http://www.debian.org/security/2009/dsa-1704

http://www.debian.org/security/2009/dsa-1707

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

http://www.mozilla.org/security/announce/2008/mfsa2008-68.html

http://www.redhat.com/support/errata/RHSA-2008-1036.html

http://www.redhat.com/support/errata/RHSA-2008-1037.html

http://www.redhat.com/support/errata/RHSA-2009-0002.html

http://www.securityfocus.com/bid/32882

http://www.securitytracker.com/id?1021418

http://www.ubuntu.com/usn/usn-690-2

http://www.ubuntu.com/usn/usn-701-1

http://www.ubuntu.com/usn/usn-701-2

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=451680

https://bugzilla.mozilla.org/show_bug.cgi?id=464174

https://exchange.xforce.ibmcloud.com/vulnerabilities/47417

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881

https://usn.ubuntu.com/690-1/

https://usn.ubuntu.com/690-3/

http://secunia.com/advisories/33184

http://secunia.com/advisories/33188

http://secunia.com/advisories/33189

http://secunia.com/advisories/33203

http://secunia.com/advisories/33204

http://secunia.com/advisories/33205

http://secunia.com/advisories/33216

http://secunia.com/advisories/33231

http://secunia.com/advisories/33232

http://secunia.com/advisories/33408

http://secunia.com/advisories/33415

http://secunia.com/advisories/33421

http://secunia.com/advisories/33433

http://secunia.com/advisories/33434

http://secunia.com/advisories/33523

http://secunia.com/advisories/33547

http://secunia.com/advisories/34501

http://secunia.com/advisories/35080

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

http://www.debian.org/security/2009/dsa-1696

http://www.debian.org/security/2009/dsa-1697

http://www.debian.org/security/2009/dsa-1704

http://www.debian.org/security/2009/dsa-1707

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

http://www.mozilla.org/security/announce/2008/mfsa2008-68.html

http://www.redhat.com/support/errata/RHSA-2008-1036.html

http://www.redhat.com/support/errata/RHSA-2008-1037.html

http://www.redhat.com/support/errata/RHSA-2009-0002.html

http://www.securityfocus.com/bid/32882

http://www.securitytracker.com/id?1021418

http://www.ubuntu.com/usn/usn-690-2

http://www.ubuntu.com/usn/usn-701-1

http://www.ubuntu.com/usn/usn-701-2

http://www.vupen.com/english/advisories/2009/0977

https://bugzilla.mozilla.org/show_bug.cgi?id=451680

https://bugzilla.mozilla.org/show_bug.cgi?id=464174

https://exchange.xforce.ibmcloud.com/vulnerabilities/47417

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881

https://usn.ubuntu.com/690-1/

https://usn.ubuntu.com/690-3/