CVE-2008-5021 — Race Condition in Mozilla Firefox

CWE-362 — Race Condition7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

23.8%

top 3.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird +9 more

Timeline

PublishedNov 13

Latest updateMay 14

Description

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages9 packages

▶NVDmozilla/firefox2.0 — 2.0.0.18+1

▶NVDmozilla/seamonkey1.0 — 1.1.13

▶NVDmozilla/thunderbird2.0 — 2.0.0.18

▶NVDopensuse/opensuse10.2, 10.3, 11.0+2

▶NVDnovell/linux_desktop9

Also affects: Debian Linux 4.0, Fedora 8, 9, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

GHSA

GHSA-7qf3-8pfp-6qg9: nsFrameManager in Firefox 3↗2022-05-14

▶

CVEList

CVE-2008-5021: nsFrameManager in Firefox 3↗2008-11-13

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2008-11-26

▶

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-11-17

▶

Red Hat

Mozilla crash and remote code execution in nsFrameManager↗2008-11-12

▶

💬Community

Bugzilla

CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager↗2008-11-10

▶