CVE-2008-5021

Summary

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory.

Impact & exploitability

AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected products we track (2)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.htmlAdvisory
• http://secunia.com/advisories/32684Advisory
• http://secunia.com/advisories/32693Advisory
• http://secunia.com/advisories/32694Advisory
• http://secunia.com/advisories/32695Advisory
• http://secunia.com/advisories/32713Advisory
• http://secunia.com/advisories/32714Advisory
• http://secunia.com/advisories/32715Advisory