Vulnerability Description
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 2.0.0.18 |
| Mozilla | Seamonkey | <= 1.1.13 |
| Mozilla | Thunderbird | <= 2.0.0.18 |
References
- http://secunia.com/advisories/33184
- http://secunia.com/advisories/33189
- http://secunia.com/advisories/33204
- http://secunia.com/advisories/33205
- http://secunia.com/advisories/33231
- http://secunia.com/advisories/33232
- http://secunia.com/advisories/33408
- http://secunia.com/advisories/33415
- http://secunia.com/advisories/33421
- http://secunia.com/advisories/33433
- http://secunia.com/advisories/33434
- http://secunia.com/advisories/33523
- http://secunia.com/advisories/33547
- http://secunia.com/advisories/34501
- http://secunia.com/advisories/35080
FAQ
What is CVE-2008-5503?
CVE-2008-5503 is a vulnerability with a CVSS score of 2.6 (LOW). The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domai...
How severe is CVE-2008-5503?
CVE-2008-5503 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5503?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Mozilla Seamonkey, Mozilla Thunderbird.