Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.

Published

2008-12-17T23:30:00.670

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 2.0.0.19	Yes
Application	mozilla	firefox	< 3.0.5	Yes
Application	mozilla	seamonkey	< 1.1.14	Yes
Application	mozilla	thunderbird	< 2.0.0.19	Yes
Operating System	canonical	ubuntu_linux	7.10	Yes
Operating System	canonical	ubuntu_linux	8.04	Yes
Operating System	canonical	ubuntu_linux	8.10	Yes
Operating System	debian	debian_linux	4.0	Yes
Operating System	debian	debian_linux	5.0	Yes

References

http://secunia.com/advisories/33184 Third Party Advisory ([email protected])
http://secunia.com/advisories/33188 Third Party Advisory ([email protected])
http://secunia.com/advisories/33189 Third Party Advisory ([email protected])
http://secunia.com/advisories/33203 Third Party Advisory ([email protected])
http://secunia.com/advisories/33216 Third Party Advisory ([email protected])
http://secunia.com/advisories/33231 Third Party Advisory ([email protected])
http://secunia.com/advisories/33421 Third Party Advisory ([email protected])
http://secunia.com/advisories/33523 Third Party Advisory ([email protected])
http://secunia.com/advisories/34501 Third Party Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link ([email protected])
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory ([email protected])
http://www.mozilla.org/security/announce/2008/mfsa2008-69.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1021421 Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/47418 Third Party Advisory, VDB Entry ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389 Third Party Advisory ([email protected])
https://usn.ubuntu.com/690-1/ Third Party Advisory ([email protected])
http://secunia.com/advisories/33184 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33188 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33189 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33203 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33216 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33231 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33421 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33523 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34501 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2009/dsa-1707 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mozilla.org/security/announce/2008/mfsa2008-69.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1036.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-1037.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2009-0002.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32882 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1021421 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-690-2 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/0977 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47418 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/690-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)