You are here

CVE-2008-5021

Vincent (CVE) Danen's picture
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Details Source

Mitre

Public Date

2008-11-12 00:00:00

Impact

Critical

Bugzilla

CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager

Bugzilla ID

470 894

CVSS Status

draft

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux 5 RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux 4 RHSA-2008:0978 2008-11-13
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2008:0976 2008-11-20
Red Hat Enterprise Linux 4 (seamonkey) RHSA-2008:0977 2008-11-13
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2008:0976 2008-11-20

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 devhelp 0.12-20.el5 Fixed
Red Hat Enterprise Linux version 5 yelp 2.16.0-22.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.1.1-3.el5 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.4-1.el5 Fixed
Red Hat Enterprise Linux version 4 nss 3.12.1.1-3.el4 Fixed