Search for vulnerabilities
Vulnerability details: VCID-jh6c-v8un-aaak
Vulnerability ID VCID-jh6c-v8un-aaak
Aliases CVE-2008-5504
Summary CVE-2008-5504 Firefox 2 XSS attack vectors in feed preview
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-264 Permissions, Privileges, and Access Controls
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2008:1037
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01705 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01802 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01802 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01948 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.01948 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.02755 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
epss 0.07981 https://api.first.org/data/v1/epss?cve=CVE-2008-5504
rhbs urgent https://bugzilla.redhat.com/show_bug.cgi?id=476273
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-5504
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2008-62
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5504.json
https://api.first.org/data/v1/epss?cve=CVE-2008-5504
https://bugzilla.mozilla.org/show_bug.cgi?id=453526
http://secunia.com/advisories/33184
http://secunia.com/advisories/33189
http://secunia.com/advisories/33231
http://secunia.com/advisories/33523
http://secunia.com/advisories/34501
https://exchange.xforce.ibmcloud.com/vulnerabilities/47410
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10781
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.debian.org/security/2009/dsa-1707
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.mozilla.org/security/announce/2008/mfsa2008-62.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.securityfocus.com/bid/32882
http://www.securitytracker.com/id?1021422
http://www.ubuntu.com/usn/usn-690-2
http://www.vupen.com/english/advisories/2009/0977
476273 https://bugzilla.redhat.com/show_bug.cgi?id=476273
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
CVE-2008-5504 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5504
CVE-2008-5504 https://nvd.nist.gov/vuln/detail/CVE-2008-5504
GLSA-201301-01 https://security.gentoo.org/glsa/201301-01
mfsa2008-62 https://www.mozilla.org/en-US/security/advisories/mfsa2008-62
RHSA-2008:1037 https://access.redhat.com/errata/RHSA-2008:1037
USN-690-2 https://usn.ubuntu.com/690-2/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-5504
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.88155
EPSS Score 0.01705
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.