CVE-2008-5015

Medium CVSS 5.1

Overview

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has already been saved on the local system.

CWE: CWE-94 Published: 2008-11-13T11:30:01.267

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.1 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags