Red Hat Customer Portal

Skip to main content

CVE-2008-5511

Impact:
Critical
Public Date:
2008-12-16
CWE:
CWE-79
Bugzilla:
476285: CVE-2008-5511 Firefox XSS via XBL bindings to unloaded document

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

Find out more about CVE-2008-5511 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2009:0002 2009-01-07
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2009:0002 2009-01-07
Red Hat Enterprise Linux 5 (xulrunner) RHSA-2008:1036 2008-12-17
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2008:1037 2008-12-17
Red Hat Enterprise Linux 4 (nss) RHSA-2008:1036 2008-12-17
Red Hat Enterprise Linux 4 (seamonkey) RHSA-2008:1037 2008-12-17
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2008:1037 2008-12-17
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2009:0002 2009-01-07

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 5 nspr 4.7.3-2.el5 Fixed
Red Hat Enterprise Linux version 5 nss 3.12.2.0-2.el5 Fixed
Red Hat Enterprise Linux version 5 xulrunner 1.9.0.5-1.el5_2 Fixed
Red Hat Enterprise Linux version 4 nss 3.12.2.0-1.el4 Fixed
Red Hat Enterprise Linux version 4 nspr 4.7.3-1.el4 Fixed