VYPR
Unrated severity · NVD Advisory · Published Dec 17, 2008 · Updated Apr 23, 2026

CVE-2008-5513

Description

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Firefox session-restore vulnerability allows same-origin policy bypass and cross-site scripting via SessionStore data restoration.

Vulnerability

Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 contain an unspecified vulnerability in the session-restore feature. The bug involves restoration of SessionStore data, which can be exploited to bypass the same-origin policy and inject content into documents from other domains, leading to cross-site scripting (XSS) attacks [1].

Exploitation

The attack vector is not fully disclosed in available references, but it likely requires an attacker to craft malicious SessionStore data that is restored by the browser. No direct user interaction beyond normal browsing and session restore is needed, as the vulnerability is triggered automatically during restore.

Impact

Successful exploitation allows an attacker to bypass the same-origin policy and inject arbitrary content into documents associated with other domains, leading to cross-site scripting (XSS) attacks. This could result in information disclosure, session hijacking, or arbitrary actions in the context of the target site.

Mitigation

Firefox 3.0.5 and 2.0.0.19, released on December 16, 2008, patch this issue [1]. Users should upgrade to these or later versions. No workarounds are available. This CVE is not listed in CISA's Known Exploited Vulnerabilities catalog.

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

9
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      Range: >=2.0,<2.0.0.19
    • (no CPE)
      Range: >=2.0.0.0, <2.0.0.19; >=3.0.0, <3.0.5
  • cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
    Range: >=1.0,<1.1.14
  • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
    Range: >=2.0,<2.0.0.19
  • cpe:2.3:o:canonical:ubuntu_linux
    • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux
    • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

References

24
