CVE-2008-5503

N/A Unknown

Published: December 17, 2008 Modified: April 23, 2026

Description

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/33184

Source: secalert@redhat.com

http://secunia.com/advisories/33189

Source: secalert@redhat.com

http://secunia.com/advisories/33204

Source: secalert@redhat.com

http://secunia.com/advisories/33205

Source: secalert@redhat.com

http://secunia.com/advisories/33231

Source: secalert@redhat.com

http://secunia.com/advisories/33232

Source: secalert@redhat.com

http://secunia.com/advisories/33408

Source: secalert@redhat.com

http://secunia.com/advisories/33415

Source: secalert@redhat.com

http://secunia.com/advisories/33421

Source: secalert@redhat.com

http://secunia.com/advisories/33433

Source: secalert@redhat.com

http://secunia.com/advisories/33434

Source: secalert@redhat.com

http://secunia.com/advisories/33523

Source: secalert@redhat.com

http://secunia.com/advisories/33547

Source: secalert@redhat.com

http://secunia.com/advisories/34501

Source: secalert@redhat.com

http://secunia.com/advisories/35080

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Source: secalert@redhat.com

http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1696

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1697

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1704

Source: secalert@redhat.com

http://www.debian.org/security/2009/dsa-1707

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2008:244

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2009:012

Source: secalert@redhat.com

http://www.mozilla.org/security/announce/2008/mfsa2008-61.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-1037.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2009-0002.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/32882

Source: secalert@redhat.com

http://www.securitytracker.com/id?1021424

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-690-2

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-701-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/usn-701-2

Source: secalert@redhat.com

http://www.vupen.com/english/advisories/2009/0977

Source: secalert@redhat.com

https://bugzilla.mozilla.org/show_bug.cgi?id=379959

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/47409

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11423

Source: secalert@redhat.com

https://usn.ubuntu.com/690-3/

Source: secalert@redhat.com

http://secunia.com/advisories/33184