ID CVE-2008-5021
Summary nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
References
Vulnerable Configurations
  • cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:seamonkey:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0:-:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0:-:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:mozilla:thunderbird:2.0.0.17:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
    cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp2:*:*:*:*:*:*
  • cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
    cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_server:10:sp1:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:*
    cpe:2.3:o:suse:linux_enterprise_desktop:10:-:*:*:*:*:*:*
  • cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
    cpe:2.3:o:novell:open_enterprise_server:-:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 02-02-2024 - 17:07)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:20:58.939-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
family unix
id oval:org.mitre.oval:def:9642
status accepted
submitted 2010-07-09T03:56:16-04:00
title nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.
version 30
redhat via4
advisories
  • rhsa
    id RHSA-2008:0976
  • rhsa
    id RHSA-2008:0977
  • rhsa
    id RHSA-2008:0978
rpms
  • thunderbird-0:1.5.0.12-17.el4
  • thunderbird-0:2.0.0.18-1.el5
  • thunderbird-debuginfo-0:1.5.0.12-17.el4
  • thunderbird-debuginfo-0:2.0.0.18-1.el5
  • seamonkey-0:1.0.9-0.21.el2
  • seamonkey-0:1.0.9-0.25.el3
  • seamonkey-0:1.0.9-28.el4
  • seamonkey-chat-0:1.0.9-0.21.el2
  • seamonkey-chat-0:1.0.9-0.25.el3
  • seamonkey-chat-0:1.0.9-28.el4
  • seamonkey-debuginfo-0:1.0.9-0.25.el3
  • seamonkey-debuginfo-0:1.0.9-28.el4
  • seamonkey-devel-0:1.0.9-0.21.el2
  • seamonkey-devel-0:1.0.9-0.25.el3
  • seamonkey-devel-0:1.0.9-28.el4
  • seamonkey-dom-inspector-0:1.0.9-0.21.el2
  • seamonkey-dom-inspector-0:1.0.9-0.25.el3
  • seamonkey-dom-inspector-0:1.0.9-28.el4
  • seamonkey-js-debugger-0:1.0.9-0.21.el2
  • seamonkey-js-debugger-0:1.0.9-0.25.el3
  • seamonkey-js-debugger-0:1.0.9-28.el4
  • seamonkey-mail-0:1.0.9-0.21.el2
  • seamonkey-mail-0:1.0.9-0.25.el3
  • seamonkey-mail-0:1.0.9-28.el4
  • seamonkey-nspr-0:1.0.9-0.21.el2
  • seamonkey-nspr-0:1.0.9-0.25.el3
  • seamonkey-nspr-devel-0:1.0.9-0.21.el2
  • seamonkey-nspr-devel-0:1.0.9-0.25.el3
  • seamonkey-nss-0:1.0.9-0.21.el2
  • seamonkey-nss-0:1.0.9-0.25.el3
  • seamonkey-nss-devel-0:1.0.9-0.21.el2
  • seamonkey-nss-devel-0:1.0.9-0.25.el3
  • devhelp-0:0.12-20.el5
  • devhelp-debuginfo-0:0.12-20.el5
  • devhelp-devel-0:0.12-20.el5
  • firefox-0:3.0.4-1.el4
  • firefox-0:3.0.4-1.el5
  • firefox-debuginfo-0:3.0.4-1.el4
  • firefox-debuginfo-0:3.0.4-1.el5
  • nss-0:3.12.1.1-3.el4
  • nss-0:3.12.1.1-3.el5
  • nss-debuginfo-0:3.12.1.1-3.el4
  • nss-debuginfo-0:3.12.1.1-3.el5
  • nss-devel-0:3.12.1.1-3.el4
  • nss-devel-0:3.12.1.1-3.el5
  • nss-pkcs11-devel-0:3.12.1.1-3.el5
  • nss-tools-0:3.12.1.1-3.el5
  • xulrunner-0:1.9.0.4-1.el5
  • xulrunner-debuginfo-0:1.9.0.4-1.el5
  • xulrunner-devel-0:1.9.0.4-1.el5
  • xulrunner-devel-unstable-0:1.9.0.4-1.el5
  • yelp-0:2.16.0-22.el5
  • yelp-debuginfo-0:2.16.0-22.el5
refmap via4
bid 32281
cert TA08-319A
confirm http://www.mozilla.org/security/announce/2008/mfsa2008-55.html
debian
  • DSA-1669
  • DSA-1671
  • DSA-1696
  • DSA-1697
fedora
  • FEDORA-2008-9667
  • FEDORA-2008-9669
mandriva
  • MDVSA-2008:228
  • MDVSA-2008:230
  • MDVSA-2008:235
misc https://bugzilla.mozilla.org/show_bug.cgi?id=460002
sectrack 1021186
secunia
  • 32684
  • 32693
  • 32694
  • 32695
  • 32713
  • 32714
  • 32715
  • 32721
  • 32778
  • 32798
  • 32845
  • 32853
  • 33433
  • 33434
  • 34501
sunalert 256408
suse SUSE-SA:2008:055
ubuntu USN-667-1
vupen
  • ADV-2008-3146
  • ADV-2009-0977
Last major update 02-02-2024 - 17:07
Published 13-11-2008 - 11:30
Last modified 02-02-2024 - 17:07
Back to Top