CVE-2008-5013
Summary
| CVE | CVE-2008-5013 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-11-13 11:30:01 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:N/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mozilla | Firefox | 0.10 | All | All | All |
| Application | Mozilla | Firefox | 0.10.1 | All | All | All |
| Application | Mozilla | Firefox | 0.8 | All | All | All |
| Application | Mozilla | Firefox | 0.9 | All | All | All |
| Application | Mozilla | Firefox | 0.9 | rc | All | All |
| Application | Mozilla | Firefox | 0.9.1 | All | All | All |
| Application | Mozilla | Firefox | 0.9.2 | All | All | All |
| Application | Mozilla | Firefox | 0.9.3 | All | All | All |
| Application | Mozilla | Firefox | 0.9_rc | All | All | All |
| Application | Mozilla | Firefox | 1.0 | All | All | All |
| Application | Mozilla | Firefox | 1.0.1 | All | All | All |
| Application | Mozilla | Firefox | 1.0.2 | All | All | All |
| Application | Mozilla | Firefox | 1.0.3 | All | All | All |
| Application | Mozilla | Firefox | 1.0.4 | All | All | All |
| Application | Mozilla | Firefox | 1.0.5 | All | All | All |
| Application | Mozilla | Firefox | 1.0.6 | All | All | All |
| Application | Mozilla | Firefox | 1.0.6 | All | linux | All |
| Application | Mozilla | Firefox | 1.0.7 | All | All | All |
| Application | Mozilla | Firefox | 1.0.8 | All | All | All |
| Application | Mozilla | Firefox | 1.5 | All | All | All |
| Application | Mozilla | Firefox | 1.5 | beta1 | All | All |
| Application | Mozilla | Firefox | 1.5 | beta2 | All | All |
| Application | Mozilla | Firefox | 1.5.0.1 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.10 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.11 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.12 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.2 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.3 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.4 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.5 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.6 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.7 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.8 | All | All | All |
| Application | Mozilla | Firefox | 1.5.0.9 | All | All | All |
| Application | Mozilla | Firefox | 1.5.1 | All | All | All |
| Application | Mozilla | Firefox | 1.5.2 | All | All | All |
| Application | Mozilla | Firefox | 1.5.3 | All | All | All |
| Application | Mozilla | Firefox | 1.5.4 | All | All | All |
| Application | Mozilla | Firefox | 1.5.5 | All | All | All |
| Application | Mozilla | Firefox | 1.5.6 | All | All | All |
| Application | Mozilla | Firefox | 1.5.7 | All | All | All |
| Application | Mozilla | Firefox | 1.5.8 | All | All | All |
| Application | Mozilla | Firefox | 1.8 | All | All | All |
| Application | Mozilla | Firefox | 2.0 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.1 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.10 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.11 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.12 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.13 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.14 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.15 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.16 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.2 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.3 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.4 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.5 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.6 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.7 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.8 | All | All | All |
| Application | Mozilla | Firefox | 2.0.0.9 | All | All | All |
| Application | Mozilla | Firefox | All | All | All | All |
| Application | Mozilla | Seamonkey | 1.0 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0 | All | alpha | All |
| Application | Mozilla | Seamonkey | 1.0 | All | beta | All |
| Application | Mozilla | Seamonkey | 1.0 | All | dev | All |
| Application | Mozilla | Seamonkey | 1.0 | beta | All | All |
| Application | Mozilla | Seamonkey | 1.0.1 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.2 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.3 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.4 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.5 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.6 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.7 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.8 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.9 | All | All | All |
| Application | Mozilla | Seamonkey | 1.0.99 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1 | beta | All | All |
| Application | Mozilla | Seamonkey | 1.1.1 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.10 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.11 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.2 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.3 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.4 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.5 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.5 | 1.1.10 | All | All |
| Application | Mozilla | Seamonkey | 1.1.6 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.7 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.8 | All | All | All |
| Application | Mozilla | Seamonkey | 1.1.9 | All | All | All |
| Application | Mozilla | Seamonkey | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Debian update for xulrunner - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| sunsolve.sun.com/search/document.do | af854a3a-2127-422b-91ae-364da2661108 | sunsolve.sun.com | |
| Support / Security / Advisories / / MDVSA-2008:228 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Mozilla Firefox/Thunderbird/SeaMonkey Multiple Remote Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Red Hat update for seamonkey - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Debian -- Security Information -- DSA-1669-1 xulrunner | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Debian update for iceweasel - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Debian -- Security Information -- DSA-1671-1 iceweasel | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| [SECURITY] Fedora 8 Update: firefox-2.0.0.18-1.fc8 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Debian -- Security Information -- DSA-1697-1 iceape | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| Mozilla Firefox 2 Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| US-CERT Technical Cyber Security Alert TA08-319A -- Mozilla Updates for Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | US Government Resource |
| Mozilla Firefox Dynamic Module Unloading Bug Lets Remote Users Execute Arbitrary Code - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Debian update for iceape - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| [security-announce] SUSE Security Announcement: Mozilla (SUSE-SA:2008:05 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| Ubuntu update for firefox, firefox-3.0, and xulrunner-1.9 - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Sun Solaris Firefox Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| MFSA 2008-49: Arbitrary code execution via Flash Player dynamic module unloading | af854a3a-2127-422b-91ae-364da2661108 | www.mozilla.org | |
| Fedora update for firefox - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Mozilla SeaMonkey Multiple Vulnerabilities - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| USN-667-1: Firefox and xulrunner vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | ubuntu.com | |
| Bug 433610 – Mozilla Firefox Flash Player Dynamic Module Unloading Vulnerability (ZDI-CAN-259) | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.mozilla.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.