Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2008-5022

Опубликовано: 13 нояб. 2008
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 7.5

Описание

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

РелизСтатусПримечание
dapper

released

1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1
devel

DNE

gutsy

released

2.0.0.18+nobinonly-0ubuntu0.7.10
hardy

released

2.0.0.18+nobinonly-0ubuntu0.8.04.1
intrepid

DNE

upstream

released

2.0.0.18

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

3.0.4+nobinonly-0ubuntu2
gutsy

ignored

end of life, was needed
hardy

released

3.0.4+nobinonly-0ubuntu0.8.04.1
intrepid

released

3.0.4+nobinonly-0ubuntu0.8.10.1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

ignored

end of life, was needed
hardy

DNE

intrepid

DNE

upstream

released

1.1.13

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

released

1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1
devel

DNE

gutsy

DNE

hardy

DNE

intrepid

DNE

upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.1.13+nobinonly-0ubuntu1
gutsy

DNE

hardy

released

1.1.15+nobinonly-0ubuntu0.8.04.2
intrepid

released

1.1.15+nobinonly-0ubuntu0.8.10.2
upstream

released

1.1.13

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

2.0.0.18+nobinonly-0ubuntu1
gutsy

released

2.0.0.18+nobinonly-0ubuntu0.7.10.1
hardy

released

2.0.0.18+nobinonly-0ubuntu0.8.04.1
intrepid

released

2.0.0.18+nobinonly-0ubuntu0.8.10.1
upstream

released

2.0.0.18

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.8.1.16+nobinonly-0ubuntu1
gutsy

released

1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1
hardy

released

1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1
intrepid

released

1.8.1.16+nobinonly-0ubuntu1
upstream

needs-triage

Показывать по

РелизСтатусПримечание
dapper

DNE

devel

released

1.9.0.4+nobinonly-0ubuntu1
gutsy

ignored

end of life, was needed
hardy

released

1.9.0.4+nobinonly-0ubuntu0.8.04.1
intrepid

released

1.9.0.4+nobinonly-0ubuntu0.8.10.1
upstream

released

1.9.0.4

Показывать по

Ссылки на источники

EPSS

Процентиль: 93%
0.10459
Средний

7.5 High

CVSS2

Связанные уязвимости

redhat логотип

CVE-2008-5022

redhat
больше 16 лет назад

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

nvd логотип

CVE-2008-5022

nvd
больше 16 лет назад

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

debian логотип

CVE-2008-5022

debian
больше 16 лет назад

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x befor ...

github логотип

GHSA-49p4-3jx5-xgmj

github
около 3 лет назад

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

oracle-oval логотип

ELSA-2008-0978

oracle-oval
больше 16 лет назад

ELSA-2008-0978: firefox security update (CRITICAL)

EPSS

Процентиль: 93%
0.10459
Средний

7.5 High

CVSS2

Уязвимость CVE-2008-5022