CVE-2008-5015: Code Injection in Mozilla Firefox

CWE-94: Code Injection | 7 documents | 5 sources
Severity: 5.1 MEDIUM (NVD)
EPSS: 5.7% (top 9.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 13
Latest update: May 17

Description

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

CVSS vector

AV:N/AC:H/C:P/I:P/A:P
Exploitability: 4.9 | Impact: 6.4

Affected Packages (1 package)

NVD: mozilla/firefox 3.0.3 (+3)

🔴 Vulnerability Details (1)

GHSA: GHSA-w7p9-j7cw-wfpm: Mozilla Firefox 3 (2022-05-17)

📋 Vendor Advisories (3)

Ubuntu: Firefox and xulrunner vulnerabilities (2008-11-17)
Red Hat: file: URIs inherit chrome privileges (2008-11-12)
Red Hat: opensc: incorrect initialization of Siemens CardOS M4 smart cards (2008-07-31)

💬 Community (1)

Bugzilla: CVE-2008-5015 Mozilla file: URIs inherit chrome privileges (2008-11-10)