CVE Vulnerabilities

CVE-2008-5022

Improper Authentication

Published: Nov 13, 2008 | Modified: Nov 02, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla 2.0 *
Firefox Mozilla 3.0 *
Seamonkey Mozilla 1.0 *
Thunderbird Mozilla 2.0 *

Potential Mitigations

References