CVE-2008-5013
Published: 13 November 2008
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1)
|
gutsy |
Released
(2.0.0.18+nobinonly-0ubuntu0.7.10)
|
|
hardy |
Released
(2.0.0.18+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Does not exist
|
|
upstream |
Released
(2.0.0.18)
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(3.0.4+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(3.0.4+nobinonly-0ubuntu0.8.10.1)
|
|
upstream |
Needs triage
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Released
(1.1.13)
|
|
icedove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13+1.5.0.15~prepatch080614h-0ubuntu0.6.06.1)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Does not exist
|
|
hardy |
Released
(1.1.15+nobinonly-0ubuntu0.8.04.2)
|
|
intrepid |
Released
(1.1.15+nobinonly-0ubuntu0.8.10.2)
|
|
upstream |
Released
(1.1.13)
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Released
(2.0.0.18+nobinonly-0ubuntu0.7.10.1)
|
|
hardy |
Released
(2.0.0.18+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(2.0.0.18+nobinonly-0ubuntu0.8.10.1)
|
|
upstream |
Released
(2.0.0.18)
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
hardy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.8.1.16+nobinonly-0ubuntu1)
|
|
upstream |
Needs triage
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1.9.0.4+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.4+nobinonly-0ubuntu0.8.10.1)
|
|
upstream |
Released
(1.9.0.4)
|