Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.

Published

2008-12-17T23:30:00.627

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 2.0.0.19	Yes
Application	mozilla	firefox	< 3.0.5	Yes
Application	mozilla	seamonkey	< 1.1.14	Yes
Application	mozilla	thunderbird	< 2.0.0.19	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes

References

http://secunia.com/advisories/33184 Third Party Advisory ([email protected])
http://secunia.com/advisories/33188 Third Party Advisory ([email protected])
http://secunia.com/advisories/33203 Third Party Advisory ([email protected])
http://secunia.com/advisories/33204 Third Party Advisory ([email protected])
http://secunia.com/advisories/33205 Third Party Advisory ([email protected])
http://secunia.com/advisories/33216 Third Party Advisory ([email protected])
http://secunia.com/advisories/33231 Third Party Advisory ([email protected])
http://secunia.com/advisories/33408 Third Party Advisory ([email protected])
http://secunia.com/advisories/33523 Third Party Advisory ([email protected])
http://secunia.com/advisories/34501 Third Party Advisory ([email protected])
http://secunia.com/advisories/35080 Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-67.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021425 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory ([email protected])
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=228856 Issue Tracking, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/47415 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9662 Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-1/ Third Party Advisory ([email protected])
http://secunia.com/advisories/33184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33204 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33205 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33231 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33408 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33523 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35080 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-67.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021425 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-701-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.mozilla.org/show_bug.cgi?id=228856 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47415 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9662 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)