CVE - CVE-2008-5013

CVE-ID
CVE-2008-5013	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1021181 URL:http://www.securitytracker.com/id?1021181 MISC:256408 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1~~ (Obsolete source) MISC:32281 URL:http://www.securityfocus.com/bid/32281 MISC:32684 URL:http://secunia.com/advisories/32684 MISC:32693 URL:http://secunia.com/advisories/32693 MISC:32694 URL:http://secunia.com/advisories/32694 MISC:32714 URL:http://secunia.com/advisories/32714 MISC:32778 URL:http://secunia.com/advisories/32778 MISC:32845 URL:http://secunia.com/advisories/32845 MISC:32853 URL:http://secunia.com/advisories/32853 MISC:33433 URL:http://secunia.com/advisories/33433 MISC:34501 URL:http://secunia.com/advisories/34501 MISC:ADV-2008-3146 URL:~~http://www.vupen.com/english/advisories/2008/3146~~ (Obsolete source) MISC:ADV-2009-0977 URL:~~http://www.vupen.com/english/advisories/2009/0977~~ (Obsolete source) MISC:DSA-1669 URL:http://www.debian.org/security/2008/dsa-1669 MISC:DSA-1671 URL:http://www.debian.org/security/2008/dsa-1671 MISC:DSA-1697 URL:http://www.debian.org/security/2009/dsa-1697 MISC:FEDORA-2008-9667 URL:https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html MISC:MDVSA-2008:228 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:228~~ (Obsolete source) MISC:RHSA-2008:0977 URL:http://www.redhat.com/support/errata/RHSA-2008-0977.html MISC:SUSE-SA:2008:055 URL:http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html MISC:TA08-319A URL:http://www.us-cert.gov/cas/techalerts/TA08-319A.html MISC:USN-667-1 URL:http://ubuntu.com/usn/usn-667-1 MISC:http://www.mozilla.org/security/announce/2008/mfsa2008-49.html URL:http://www.mozilla.org/security/announce/2008/mfsa2008-49.html MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=433610 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=433610 MISC:oval:org.mitre.oval:def:9660 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9660
Assigning CNA
Red Hat, Inc.
Date Record Created
20081110	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081110)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.