Your submission was sent successfully! Close

CVE-2008-5503

Published: 17 December 2008

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper
Released (1.5.dfsg+1.5.0.15~prepatch080614i-0ubuntu1)
gutsy
Released (2.0.0.19+nobinonly1-0ubuntu0.7.10.1)
hardy
Released (2.0.0.21~tb.21.308+nobinonly-0ubuntu0.8.04.1)
intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

firefox-3.0
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (3.0.5+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (3.0.5+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (3.0.5+nobinonly-0ubuntu1)
karmic Does not exist

upstream
Released (3.0.5)
iceape
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream
Released (1.1.14)
mozilla-thunderbird
Launchpad, Ubuntu, Debian
dapper
Released (1.5.0.13+1.5.0.15~prepatch080614i-0ubuntu0.6.06.1)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (1.1.17+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.1.17+nobinonly-0ubuntu0.8.10.1)
jaunty Not vulnerable
(1.1.15+nobinonly-0ubuntu2)
karmic Not vulnerable
(1.1.15+nobinonly-0ubuntu2)
upstream
Released (1.1.14)
thunderbird
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.0.0.19+nobinonly-0ubuntu0.7.10.1)
hardy
Released (2.0.0.19+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (2.0.0.19+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (2.0.0.19+nobinonly-0ubuntu1)
karmic
Released (2.0.0.19+nobinonly-0ubuntu1)
upstream
Released (2.0.0.19)
xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (1.9.0.5+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.5+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.9.0.5+nobinonly-0ubuntu1)
karmic Does not exist

upstream
Released (1.9.0.5)