// For flags

CVE-2008-5511

Firefox XSS via XBL bindings to unloaded document

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."

Mozilla Firefox 3.x antes de v3.0.5 y 2.x antes de v2.0.0.19, Thunderbird 2.x antes 2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 permite a atacantes remotos evitar la política de mismo origen y llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) mediante una vinculación XBL a un "documento no descargado".

Several flaws were discovered in the Thunderbird browser engine. Boris Zbarsky discovered that the same-origin check in Thunderbird could be bypassed by utilizing XBL-bindings. Marius Schilder discovered that Thunderbird did not properly handle redirects to an outside domain when an XMLHttpRequest was made to a same-origin resource. Chris Evans discovered that Thunderbird did not properly protect a user's data when accessing a same-domain Javascript URL that is redirected to an unparsable Javascript off-site resource. Chip Salzenberg, Justin Schuh, Tom Cross, and Peter William discovered Thunderbird did not properly parse URLs when processing certain control characters. Kojima Hajime discovered that Thunderbird did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. Several flaws were discovered in the Javascript engine.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-12-12 CVE Reserved
  • 2008-12-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (45)
URL Tag Source
http://secunia.com/advisories/33184 Third Party Advisory
http://secunia.com/advisories/33188 Third Party Advisory
http://secunia.com/advisories/33189 Third Party Advisory
http://secunia.com/advisories/33203 Third Party Advisory
http://secunia.com/advisories/33204 Third Party Advisory
http://secunia.com/advisories/33205 Third Party Advisory
http://secunia.com/advisories/33216 Third Party Advisory
http://secunia.com/advisories/33231 Third Party Advisory
http://secunia.com/advisories/33232 Third Party Advisory
http://secunia.com/advisories/33408 Third Party Advisory
http://secunia.com/advisories/33415 Third Party Advisory
http://secunia.com/advisories/33421 Third Party Advisory
http://secunia.com/advisories/33433 Third Party Advisory
http://secunia.com/advisories/33434 Third Party Advisory
http://secunia.com/advisories/33523 Third Party Advisory
http://secunia.com/advisories/33547 Third Party Advisory
http://secunia.com/advisories/34501 Third Party Advisory
http://secunia.com/advisories/35080 Third Party Advisory
http://www.securityfocus.com/bid/32882 Third Party Advisory
http://www.securitytracker.com/id?1021418 Third Party Advisory
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47417 Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11881 Signature
URL Date SRC
URL Date SRC
URL Date SRC
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 2023-02-13
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 2023-02-13
http://www.debian.org/security/2009/dsa-1696 2023-02-13
http://www.debian.org/security/2009/dsa-1697 2023-02-13
http://www.debian.org/security/2009/dsa-1704 2023-02-13
http://www.debian.org/security/2009/dsa-1707 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 2023-02-13
http://www.mozilla.org/security/announce/2008/mfsa2008-68.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-1036.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-1037.html 2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-0002.html 2023-02-13
http://www.ubuntu.com/usn/usn-690-2 2023-02-13
http://www.ubuntu.com/usn/usn-701-1 2023-02-13
http://www.ubuntu.com/usn/usn-701-2 2023-02-13
https://bugzilla.mozilla.org/show_bug.cgi?id=451680 2023-02-13
https://bugzilla.mozilla.org/show_bug.cgi?id=464174 2023-02-13
https://usn.ubuntu.com/690-1 2023-02-13
https://usn.ubuntu.com/690-3 2023-02-13
https://access.redhat.com/security/cve/CVE-2008-5511 2009-01-07
https://bugzilla.redhat.com/show_bug.cgi?id=476285 2009-01-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 2.0 < 2.0.0.19
Search vendor "Mozilla" for product "Firefox" and version " >= 2.0 < 2.0.0.19"
-
Affected
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 >= 3.0 < 3.0.5
Search vendor "Mozilla" for product "Firefox" and version " >= 3.0 < 3.0.5"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 >= 1.0 < 1.1.14
Search vendor "Mozilla" for product "Seamonkey" and version " >= 1.0 < 1.1.14"
-
Affected
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
 >= 2.0 < 2.0.0.19
Search vendor "Mozilla" for product "Thunderbird" and version " >= 2.0 < 2.0.0.19"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.10"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected