Vulnerability Description
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.17 |
| Mozilla | Seamonkey | <= 1.1.12 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
- http://secunia.com/advisories/32684
- http://secunia.com/advisories/32693
- http://secunia.com/advisories/32694
- http://secunia.com/advisories/32714
- http://secunia.com/advisories/32778
- http://secunia.com/advisories/32845
- http://secunia.com/advisories/32853
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://ubuntu.com/usn/usn-667-1
- http://www.debian.org/security/2008/dsa-1669
- http://www.debian.org/security/2008/dsa-1671
- http://www.debian.org/security/2009/dsa-1697
FAQ
What is CVE-2008-5013?
CVE-2008-5013 is a vulnerability with a CVSS score of 9.3 (HIGH). Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitra...
How severe is CVE-2008-5013?
CVE-2008-5013 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5013?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey.