What is the severity of CVE-2008-5503?

CVE-2008-5503 has a medium severity rating.

How do I fix CVE-2008-5503?

To fix CVE-2008-5503, update to Mozilla Firefox version 2.0.0.19 or later, Thunderbird version 2.0.0.19 or later, or SeaMonkey version 1.1.14 or later.

Which software versions are affected by CVE-2008-5503?

CVE-2008-5503 affects Mozilla Firefox versions before 2.0.0.19, Thunderbird versions before 2.0.0.19, and SeaMonkey versions before 1.1.14.

Is CVE-2008-5503 a browser vulnerability?

Yes, CVE-2008-5503 is a vulnerability in the browsers Mozilla Firefox, Thunderbird, and SeaMonkey.

Vulnerability/
CVE-2008-5503

low

2.6

CWE

NVD-CWE-Other

17/12/2008

3/10/2018

CVE-2008-5503

Q: What types of attacks does CVE-2008-5503 allow?

CVE-2008-5503 allows remote attackers to read or access data from other domains through crafted XBL bindings.

First published: Wed Dec 17 2008(Updated: )

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Mozilla SeaMonkey	=1.1.10
Mozilla SeaMonkey	=1.0.3
Firefox	=2.0.0.12
Thunderbird	=2.0.0.4
Mozilla SeaMonkey	=1.1.8
Mozilla SeaMonkey	=1.0.1
Mozilla SeaMonkey	=1.1.7
Thunderbird	=2.0.0.6
Mozilla SeaMonkey	=1.0.6
Mozilla SeaMonkey	=1.0.9
Mozilla SeaMonkey	=1.1.3
Firefox	=2.0.0.2
Mozilla SeaMonkey	=1.0
Thunderbird	=2.0.0.9
Mozilla SeaMonkey	=1.1.5
Mozilla SeaMonkey	=1.0.7
Mozilla SeaMonkey	=1.1-alpha
Thunderbird	=2.0.0.16
Firefox	=2.0.0.7
Mozilla SeaMonkey	=1.1.12
Mozilla SeaMonkey	=1.1
Firefox	=2.0.0.9
Firefox	=2.0.0.16
Firefox	=2.0.0.17
Mozilla SeaMonkey	=1.1.2
Firefox	=2.0.0.15
Mozilla SeaMonkey	=1.0.2
Mozilla SeaMonkey	=1.0.8
Thunderbird	=2.0.0.0
Mozilla SeaMonkey	=1.1.11
Mozilla SeaMonkey	=1.1-beta
Mozilla SeaMonkey	<=1.1.13
Mozilla SeaMonkey	=1.1.1
Thunderbird	=2.0.0.12
Firefox	=2.0
Firefox	=2.0.0.14
Mozilla SeaMonkey	=1.0.5
Thunderbird	=2.0.0.14
Firefox	=2.0.0.3
Thunderbird	=2.0.0.17
Firefox	=2.0.0.6
Mozilla SeaMonkey	=1.1.6
Firefox	=2.0.0.11
Firefox	=2.0.0.4
Firefox	=2.0.0.13
Firefox	=2.0.0.1
Thunderbird	=2.0.0.5
Mozilla SeaMonkey	=1.1.9
Thunderbird	<=2.0.0.18
Firefox	=2.0.0.8
Firefox	<=2.0.0.18
Firefox	=2.0.0.5
Firefox	=2.0.0.10
Mozilla SeaMonkey	=1.1.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-5503?
CVE-2008-5503 has a medium severity rating.
How do I fix CVE-2008-5503?
To fix CVE-2008-5503, update to Mozilla Firefox version 2.0.0.19 or later, Thunderbird version 2.0.0.19 or later, or SeaMonkey version 1.1.14 or later.
Which software versions are affected by CVE-2008-5503?
CVE-2008-5503 affects Mozilla Firefox versions before 2.0.0.19, Thunderbird versions before 2.0.0.19, and SeaMonkey versions before 1.1.14.
What types of attacks does CVE-2008-5503 allow?
CVE-2008-5503 allows remote attackers to read or access data from other domains through crafted XBL bindings.
Is CVE-2008-5503 a browser vulnerability?
Yes, CVE-2008-5503 is a vulnerability in the browsers Mozilla Firefox, Thunderbird, and SeaMonkey.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/weakness
agent/author
agent/severity
agent/description
agent/event
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/mozilla
canonical/mozilla seamonkey
version/mozilla seamonkey/1.1.10
version/mozilla seamonkey/1.0.3
canonical/firefox
version/firefox/2.0.0.12
canonical/thunderbird
version/thunderbird/2.0.0.4
version/mozilla seamonkey/1.1.8
version/mozilla seamonkey/1.0.1
version/mozilla seamonkey/1.1.7
version/thunderbird/2.0.0.6
version/mozilla seamonkey/1.0.6
version/mozilla seamonkey/1.0.9
version/mozilla seamonkey/1.1.3
version/firefox/2.0.0.2
version/mozilla seamonkey/1.0
version/thunderbird/2.0.0.9
version/mozilla seamonkey/1.1.5
version/mozilla seamonkey/1.0.7
version/mozilla seamonkey/1.1-alpha
version/thunderbird/2.0.0.16
version/firefox/2.0.0.7
version/mozilla seamonkey/1.1.12
version/mozilla seamonkey/1.1
version/firefox/2.0.0.9
version/firefox/2.0.0.16
version/firefox/2.0.0.17
version/mozilla seamonkey/1.1.2
version/firefox/2.0.0.15
version/mozilla seamonkey/1.0.2
version/mozilla seamonkey/1.0.8
version/thunderbird/2.0.0.0
version/mozilla seamonkey/1.1.11
version/mozilla seamonkey/1.1-beta
version/mozilla seamonkey/1.1.13
version/mozilla seamonkey/1.1.1
version/thunderbird/2.0.0.12
version/firefox/2.0
version/firefox/2.0.0.14
version/mozilla seamonkey/1.0.5
version/thunderbird/2.0.0.14
version/firefox/2.0.0.3
version/thunderbird/2.0.0.17
version/firefox/2.0.0.6
version/mozilla seamonkey/1.1.6
version/firefox/2.0.0.11
version/firefox/2.0.0.4
version/firefox/2.0.0.13
version/firefox/2.0.0.1
version/thunderbird/2.0.0.5
version/mozilla seamonkey/1.1.9
version/thunderbird/2.0.0.18
version/firefox/2.0.0.8
version/firefox/2.0.0.18
version/firefox/2.0.0.5
version/firefox/2.0.0.10
version/mozilla seamonkey/1.1.4

CVE-2008-5503

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-5503?

How do I fix CVE-2008-5503?

Which software versions are affected by CVE-2008-5503?

What types of attacks does CVE-2008-5503 allow?

Is CVE-2008-5503 a browser vulnerability?

Company

Resources

Contact