Detections
Analytics
CVE-2008-5013
high
Description
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address.
References
https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00366.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9660
https://bugzilla.mozilla.org/show_bug.cgi?id=433610
http://www.vupen.com/english/advisories/2009/0977
http://www.vupen.com/english/advisories/2008/3146
http://www.us-cert.gov/cas/techalerts/TA08-319A.html
http://www.securitytracker.com/id?1021181
http://www.securityfocus.com/bid/32281
http://www.redhat.com/support/errata/RHSA-2008-0977.html
http://www.mozilla.org/security/announce/2008/mfsa2008-49.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:228
http://www.debian.org/security/2009/dsa-1697
http://www.debian.org/security/2008/dsa-1671
http://www.debian.org/security/2008/dsa-1669
http://ubuntu.com/usn/usn-667-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://secunia.com/advisories/34501
http://secunia.com/advisories/33433
http://secunia.com/advisories/32853
http://secunia.com/advisories/32845
http://secunia.com/advisories/32778
http://secunia.com/advisories/32714
http://secunia.com/advisories/32694
http://secunia.com/advisories/32693
http://secunia.com/advisories/32684
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html