CVE-2008-5023 Information
Description
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allow remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
Reference
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html
http://secunia.com/advisories/32684
http://secunia.com/advisories/32693
http://secunia.com/advisories/32694
http://secunia.com/advisories/32695
http://secunia.com/advisories/32713
http://secunia.com/advisories/32714
http://secunia.com/advisories/32721
http://secunia.com/advisories/32778
http://secunia.com/advisories/32845
http://secunia.com/advisories/32853
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://ubuntu.com/usn/usn-667-1
http://www.debian.org/security/2008/dsa-1669
http://www.debian.org/security/2008/dsa-1671
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.mandriva.com/security/advisories?name=MDVSA-2008:230
http://www.mozilla.org/security/announce/2008/mfsa2008-57.html
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.redhat.com/support/errata/RHSA-2008-0978.html
http://www.securityfocus.com/bid/32281
http://www.securitytracker.com/id?1021189
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
http://www.vupen.com/english/advisories/2008/3146
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=424733
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9908
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00385.html