CVE-2008-5503 Information
Description
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.
Reference
http://secunia.com/advisories/33184
http://secunia.com/advisories/33189
http://secunia.com/advisories/33204
http://secunia.com/advisories/33205
http://secunia.com/advisories/33231
http://secunia.com/advisories/33232
http://secunia.com/advisories/33408
http://secunia.com/advisories/33415
http://secunia.com/advisories/33421
http://secunia.com/advisories/33433
http://secunia.com/advisories/33434
http://secunia.com/advisories/33523
http://secunia.com/advisories/33547
http://secunia.com/advisories/34501
http://secunia.com/advisories/35080
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
http://www.debian.org/security/2009/dsa-1696
http://www.debian.org/security/2009/dsa-1697
http://www.debian.org/security/2009/dsa-1704
http://www.debian.org/security/2009/dsa-1707
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2009:012
http://www.mozilla.org/security/announce/2008/mfsa2008-61.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.redhat.com/support/errata/RHSA-2009-0002.html
http://www.securityfocus.com/bid/32882
http://www.securitytracker.com/id?1021424
http://www.ubuntu.com/usn/usn-690-2
http://www.ubuntu.com/usn/usn-701-1
http://www.ubuntu.com/usn/usn-701-2
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=379959
https://exchange.xforce.ibmcloud.com/vulnerabilities/47409
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11423
https://usn.ubuntu.com/690-3/