CVE-2008-5021

Impact:
Critical
Public Date:
2008-11-12
Bugzilla:
470894: CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager

The MITRE CVE dictionary describes this issue as:

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Find out more about CVE-2008-5021 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux version 4 (firefox) RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux version 5 (firefox) RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0976 2008-11-20

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 devhelp 0.12-20.el5 Fixed
Red Hat Enterprise Linux version 5 yelp 2.16.0-22.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.1.1-3.el5 Fixed
Red Hat Enterprise Linux version 4 nss 3.12.1.1-3.el4 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.4-1.el5 Fixed