Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.

Security Impact Summary

CVE-2008-5507 is a security vulnerability that . Impacting 5 products from mozilla, from mozilla, from mozilla and 2 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-12-17T23:30:00.577

Last Modified

2026-04-23T00:35:47.467

Status

Modified

Source

[email protected]

Severity

CVSSv2: 6.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 2.0.0.19	Yes
Application	mozilla	firefox	< 3.0.5	Yes
Application	mozilla	seamonkey	< 1.1.14	Yes
Application	mozilla	thunderbird	< 2.0.0.19	Yes
Operating System	canonical	ubuntu_linux	6.06	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes

References

http://scary.beasts.org/security/CESA-2008-011.html Third Party Advisory ([email protected])
http://secunia.com/advisories/33184 Third Party Advisory ([email protected])
http://secunia.com/advisories/33188 Third Party Advisory ([email protected])
http://secunia.com/advisories/33189 Third Party Advisory ([email protected])
http://secunia.com/advisories/33203 Third Party Advisory ([email protected])
http://secunia.com/advisories/33204 Third Party Advisory ([email protected])
http://secunia.com/advisories/33205 Third Party Advisory ([email protected])
http://secunia.com/advisories/33216 Third Party Advisory ([email protected])
http://secunia.com/advisories/33231 Third Party Advisory ([email protected])
http://secunia.com/advisories/33232 Third Party Advisory ([email protected])
http://secunia.com/advisories/33408 Third Party Advisory ([email protected])
http://secunia.com/advisories/33415 Third Party Advisory ([email protected])
http://secunia.com/advisories/33421 Third Party Advisory ([email protected])
http://secunia.com/advisories/33433 Third Party Advisory ([email protected])
http://secunia.com/advisories/33434 Third Party Advisory ([email protected])
http://secunia.com/advisories/33523 Third Party Advisory ([email protected])
http://secunia.com/advisories/33547 Third Party Advisory ([email protected])
http://secunia.com/advisories/34501 Third Party Advisory ([email protected])
http://secunia.com/advisories/35080 Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1704 Third Party Advisory ([email protected])
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/499353/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021423 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-2 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=461735 Issue Tracking, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376 Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-1/ Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-3/ Third Party Advisory ([email protected])
http://scary.beasts.org/security/CESA-2008-011.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33189 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33204 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33205 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33231 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33232 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33415 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33421 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33433 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33434 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33523 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33547 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35080 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1696 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1697 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1704 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-65.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/499353/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021423 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=461735 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47413 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9376 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-3/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For mozilla's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.