Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Security Impact Summary

CVE-2008-5021 is a security vulnerability that . Impacting 13 products from mozilla, from mozilla, from mozilla and 10 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-11-13T11:30:01.377

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 2.0.0.18	Yes
Application	mozilla	firefox	< 3.0.4	Yes
Application	mozilla	seamonkey	< 1.1.13	Yes
Application	mozilla	thunderbird	< 2.0.0.18	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	fedoraproject	fedora	8	Yes
Operating System	fedoraproject	fedora	9	Yes
Application	suse	linux_enterprise_debuginfo	10	Yes
Operating System	novell	linux_desktop	9	Yes
Operating System	novell	open_enterprise_server	-	Yes
Operating System	opensuse	opensuse	10.2	Yes
Operating System	opensuse	opensuse	10.3	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	suse	linux_enterprise_desktop	10	Yes
Operating System	suse	linux_enterprise_server	9	Yes
Operating System	suse	linux_enterprise_server	10	Yes
Operating System	suse	linux_enterprise_software_development_kit	10	Yes
Operating System	suse	linux_enterprise_software_development_kit	10	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html Mailing List, Third Party Advisory ([email protected])
http://secunia.com/advisories/32684 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32693 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32694 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32695 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32713 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32714 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32715 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32721 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32778 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32798 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32845 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/32853 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/33433 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/33434 Broken Link, Third Party Advisory ([email protected])
http://secunia.com/advisories/34501 Broken Link, Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link ([email protected])
http://ubuntu.com/usn/usn-667-1 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1669 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1671 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1696 Mailing List, Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1697 Mailing List, Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 Broken Link, Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 Broken Link, Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 Broken Link, Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0976.html Broken Link, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0977.html Broken Link, Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0978.html Broken Link, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/32281 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021186 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.us-cert.gov/cas/techalerts/TA08-319A.html Third Party Advisory, US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2008/3146 Broken Link, Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0977 Broken Link, Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=460002 Issue Tracking, Vendor Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Broken Link, Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html Mailing List, Third Party Advisory ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32684 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32693 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32694 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32695 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32713 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32714 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32715 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32721 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32778 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32798 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32845 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32853 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33433 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33434 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://ubuntu.com/usn/usn-667-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1669 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1671 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1696 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1697 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-55.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0976.html Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0977.html Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0978.html Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32281 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021186 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA08-319A.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/3146 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=460002 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9642 Broken Link, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For mozilla's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.