CVE-2008-5019 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

12.8%

top 5.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Canonical Ubuntu Linux Debian Linux

Timeline

PublishedNov 13

Latest updateMay 14

Description

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox2.0 — 2.0.0.18+1

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

🔴Vulnerability Details

GHSA

GHSA-w542-59hv-5363: The session restore feature in Mozilla Firefox 3↗2022-05-14

▶

📋Vendor Advisories

Ubuntu

Firefox and xulrunner vulnerabilities↗2008-11-17

▶

Red Hat

Mozilla XSS via session restore↗2008-11-12

▶

💬Community

Bugzilla

CVE-2008-5019 Mozilla XSS via session restore↗2008-11-10

▶