CVE-2008-5513
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
| Software | From | Fixed in |
|---|---|---|
| mozilla / firefox | 2.0 | 2.0.0.19 |
| mozilla / firefox | 3.0 | 3.0.5 |
| mozilla / seamonkey | 1.0 | 1.1.14 |
| mozilla / thunderbird | 2.0 | 2.0.0.19 |
| canonical / ubuntu_linux | 7.10 | 7.10.x |
| canonical / ubuntu_linux | 8.04 | 8.04.x |
| canonical / ubuntu_linux | 8.10 | 8.10.x |
| debian / debian_linux | 5.0 | 5.0.x |
| debian / debian_linux | 4.0 | 4.0.x |
- http://secunia.com/advisories/33184
- http://secunia.com/advisories/33188
- http://secunia.com/advisories/33189
- http://secunia.com/advisories/33203
- http://secunia.com/advisories/33216
- http://secunia.com/advisories/33231
- http://secunia.com/advisories/33421
- http://secunia.com/advisories/33523
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.debian.org/security/2009/dsa-1707
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
- http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
- http://www.redhat.com/support/errata/RHSA-2008-1036.html
- http://www.redhat.com/support/errata/RHSA-2008-1037.html
- http://www.redhat.com/support/errata/RHSA-2009-0002.html
- http://www.securityfocus.com/bid/32882
- http://www.securitytracker.com/id?1021421
- http://www.ubuntu.com/usn/usn-690-2
- http://www.vupen.com/english/advisories/2009/0977
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389
- https://usn.ubuntu.com/690-1/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime