CVE-2008-5022

Mozilla Firefox < 2.0.0.18 - Authentication Bypass

Title source: rule

Description

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.

References (38)

... and 18 more

Scores

EPSS 0.1345
EPSS Percentile 94.1%

Classification

CWE
CWE-287
Status draft

Affected Products (8)

mozilla/firefox < 2.0.0.18
mozilla/seamonkey < 1.1.13
mozilla/thunderbird < 2.0.0.18
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux

Timeline

Published Nov 13, 2008
Tracked Since Feb 18, 2026