CVE-2008-5513: XSS
First published: Wed Dec 17 2008(Updated: )
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | >=2.0<2.0.0.19 | |
| Firefox | >=3.0<3.0.5 | |
| Mozilla SeaMonkey | >=1.0<1.1.14 | |
| Thunderbird | >=2.0<2.0.0.19 | |
| Ubuntu | =7.10 | |
| Ubuntu | =8.04 | |
| Ubuntu | =8.10 | |
| Debian Linux | =5.0 | |
| Debian Linux | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/33184
- http://secunia.com/advisories/33188
- http://secunia.com/advisories/33189
- http://secunia.com/advisories/33203
- http://secunia.com/advisories/33216
- http://secunia.com/advisories/33231
- http://secunia.com/advisories/33421
- http://secunia.com/advisories/33523
- http://secunia.com/advisories/34501
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
- http://www.debian.org/security/2009/dsa-1707
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
- http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
- http://www.redhat.com/support/errata/RHSA-2008-1036.html
- http://www.redhat.com/support/errata/RHSA-2008-1037.html
- http://www.redhat.com/support/errata/RHSA-2009-0002.html
- http://www.securityfocus.com/bid/32882
- http://www.securitytracker.com/id?1021421
- http://www.ubuntu.com/usn/usn-690-2
- http://www.vupen.com/english/advisories/2009/0977
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389
- https://usn.ubuntu.com/690-1/
Frequently Asked Questions
What is the severity of CVE-2008-5513?
CVE-2008-5513 is considered a critical vulnerability due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2008-5513?
To fix CVE-2008-5513, update Mozilla Firefox, SeaMonkey, or Thunderbird to the latest version that addresses the vulnerability.
Which versions of Mozilla products are affected by CVE-2008-5513?
CVE-2008-5513 affects Mozilla Firefox versions 3.x before 3.0.5 and 2.x before 2.0.0.19, as well as specific versions of SeaMonkey and Thunderbird.
What type of attacks can be executed due to CVE-2008-5513?
CVE-2008-5513 can enable remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks.
Is there a workaround for CVE-2008-5513?
There are no recommended workarounds for CVE-2008-5513; upgrading the software is the only effective mitigation.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- version/firefox/2.0
- version/firefox/3.0
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.0
- canonical/thunderbird
- version/thunderbird/2.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/7.10
- version/ubuntu/8.04
- version/ubuntu/8.10
- vendor/debian
- canonical/debian linux
- version/debian linux/5.0
- version/debian linux/4.0