CVE-2008-5015
Published: 13 November 2008
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1)
|
| gutsy |
Released
(2.0.0.18+nobinonly-0ubuntu0.7.10)
|
|
| hardy |
Released
(2.0.0.19+nobinonly1-0ubuntu0.8.04.1)
|
|
| intrepid |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Released
(3.0.4+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Released
(3.0.4+nobinonly-0ubuntu0.8.10.1)
|
|
| upstream |
Needs triage
|
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Released
(1.9.0.4+nobinonly-0ubuntu0.8.04.1)
|
|
| intrepid |
Released
(1.9.0.4+nobinonly-0ubuntu0.8.10.1)
|
|
| upstream |
Released
(1.9.0.4)
|