CVE-2008-5513

CVSS v2.0 4.3 (Medium)

EPSS 0.18 % (56^th)

Affected Products 5

Advisories 8

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2008-12-17 23:30:00
(15 years ago)
Updated Date: 2023-02-13 02:19:34
(19 months ago)

Affected Products

Canonical

Ubuntu Linux

Debian

Debian Linux

Mozilla

Configuration #1

	CPE23	From	Up To
Mozilla Firefox from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:firefox	>= 2.0	< 2.0.0.19
Mozilla Firefox from 3.0 version and prior 3.0.5 version	cpe:2.3:a:mozilla:firefox	>= 3.0	< 3.0.5
Mozilla Seamonkey from 1.0 version and prior 1.1.14 version	cpe:2.3:a:mozilla:seamonkey	>= 1.0	< 1.1.14
Mozilla Thunderbird from 2.0 version and prior 2.0.0.19 version	cpe:2.3:a:mozilla:thunderbird	>= 2.0	< 2.0.0.19

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 7.10	cpe:2.3:o:canonical:ubuntu_linux:7.10
	Canonical Ubuntu Linux 8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::*:lts
	Canonical Ubuntu Linux 8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10

Configuration #3

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0