CVE-2008-5513
CVSS V2 Medium 4.3
CVSS V3 None
Description
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Overview
- CVE ID
- CVE-2008-5513
- Assigner
- secalert@redhat.com
- Vulnerability Status
- Modified
- Published Version
- 2008-12-17T23:30:00
- Last Modified Date
- 2023-02-13T02:19:34
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 1 | OR | 2.0 | 2.0.0.19 |
| cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 1 | OR | 3.0 | 3.0.5 |
| cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:* | 1 | OR | 1.0 | 1.1.14 |
| cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* | 1 | OR | 2.0 | 2.0.0.19 |
| cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:* | 1 | OR | ||
| cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 4.3
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 2.9
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2008-5513 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5513 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 17:53:33 | Added to TrackCVE | |||
| 2023-02-02 18:02:07 | 2023-02-02T17:15:48 | CVE Modified Date | updated | |
| 2023-02-02 18:02:07 | Analyzed | Modified | Vulnerability Status | updated |
| 2023-02-02 18:02:08 | Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. | CVE-2008-5513 Firefox XSS vulnerabilities in SessionStore | Description | updated |
| 2023-02-13 03:02:48 | 2023-02-13T02:19:34 | CVE Modified Date | updated | |
| 2023-02-13 03:02:48 | CVE-2008-5513 Firefox XSS vulnerabilities in SessionStore | Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. | Description | updated |