Home > Vulnerability Database > CVE-2008-5511

Mend.io Vulnerability Database

CVE-2008-5511

Date: December 17, 2008

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

Severity Score

3.7

Related Resources (47)

Url: http://www.ubuntu.com/usn/usn-690-2

Url: https://usn.ubuntu.com/690-1/

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/33189

Url: http://www.debian.org/security/2009/dsa-1697

Url: https://usn.ubuntu.com/690-3/

Url: http://secunia.com/advisories/33188

Url: http://secunia.com/advisories/33523

Url: http://secunia.com/advisories/33547

Url: http://secunia.com/advisories/33184

Url: http://www.redhat.com/support/errata/RHSA-2008-1036.html

Url: http://secunia.com/advisories/33205

Url: http://secunia.com/advisories/33204

Url: http://secunia.com/advisories/33203

Url: http://secunia.com/advisories/33421

Url: http://www.securityfocus.com/bid/32882

Url: http://secunia.com/advisories/33408

Url: http://www.vupen.com/english/advisories/2009/0977

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5511

Url: http://www.ubuntu.com/usn/usn-701-1

Url: http://secunia.com/advisories/33433

Url: http://www.ubuntu.com/usn/usn-701-2

Url: http://secunia.com/advisories/33434

Url: http://secunia.com/advisories/34501

Url: http://secunia.com/advisories/33232

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-68.html

Url: http://secunia.com/advisories/33231

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=464174

Url: https://access.redhat.com/security/cve/CVE-2008-5511

Url: http://secunia.com/advisories/33415

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881

Url: http://www.debian.org/security/2009/dsa-1704

Url: http://www.debian.org/security/2009/dsa-1707

Url: http://secunia.com/advisories/33216

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/47417

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:245

Url: http://www.redhat.com/support/errata/RHSA-2008-1037.html

Url: http://secunia.com/advisories/35080

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: http://www.redhat.com/support/errata/RHSA-2009-0002.html

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=451680

Url: http://www.securitytracker.com/id?1021418

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-5511

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

Url: https://www.mend.io/vulnerability-database/CVE-2008-5511

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-5511

Date: December 17, 2008

Severity Score

Related Resources (47)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?