Candidate: CVE-2008-5015
PublicDate: 2008-11-13 11:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5015
 https://ubuntu.com/security/notices/USN-667-1
Description:
 Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI
 when it is accessed in the same tab from a chrome or privileged about:
 page, which makes it easier for user-assisted attackers to execute
 arbitrary JavaScript with chrome privileges via malicious code in a file
 that has already been saved on the local system.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: asac
CVSS: 

Patches_firefox-3.0:
upstream_firefox-3.0: needs-triage
dapper_firefox-3.0: DNE
gutsy_firefox-3.0: needed (reached end-of-life)
hardy_firefox-3.0: released (3.0.4+nobinonly-0ubuntu0.8.04.1)
intrepid_firefox-3.0: released (3.0.4+nobinonly-0ubuntu0.8.10.1)
devel_firefox-3.0: released (3.0.4+nobinonly-0ubuntu2)


Patches_xulrunner-1.9:
upstream_xulrunner-1.9: released (1.9.0.4)
dapper_xulrunner-1.9: DNE
gutsy_xulrunner-1.9: needed (reached end-of-life)
hardy_xulrunner-1.9: released (1.9.0.4+nobinonly-0ubuntu0.8.04.1)
intrepid_xulrunner-1.9: released (1.9.0.4+nobinonly-0ubuntu0.8.10.1)
devel_xulrunner-1.9: released (1.9.0.4+nobinonly-0ubuntu1)



Patches_firefox:
upstream_firefox: needs-triage
dapper_firefox: released (1.5.dfsg+1.5.0.15~prepatch080614h-0ubuntu1)
gutsy_firefox: released (2.0.0.18+nobinonly-0ubuntu0.7.10)
hardy_firefox: released (2.0.0.19+nobinonly1-0ubuntu0.8.04.1)
intrepid_firefox: DNE
devel_firefox: DNE