4.3
CVE-2008-5513
- EPSS 1.78%
- Veröffentlicht 17.12.2008 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:00:27
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version >= 2.0 < 2.0.0.19
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version8.10
Debian ≫ Debian Linux Version4.0
Debian ≫ Debian Linux Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.78% | 0.754 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/33184
http://secunia.com/advisories/33188
http://secunia.com/advisories/33189
http://secunia.com/advisories/33203
http://secunia.com/advisories/33216
http://secunia.com/advisories/33231
http://secunia.com/advisories/33421
http://secunia.com/advisories/33523
http://www.debian.org/security/2009/dsa-1707
http://www.mandriva.com/security/advisories?name=MDVSA-2008:244
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://www.redhat.com/support/errata/RHSA-2008-1037.html
http://www.redhat.com/support/errata/RHSA-2009-0002.html
http://www.securityfocus.com/bid/32882
http://www.ubuntu.com/usn/usn-690-2
https://usn.ubuntu.com/690-1/
http://www.mozilla.org/security/announce/2008/mfsa2008-69.html
http://www.securitytracker.com/id?1021421
https://exchange.xforce.ibmcloud.com/vulnerabilities/47418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10389