CVE Vulnerability

CVE-2008-5505

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=295994
http://www.mozilla.org/security/announce/2008/mfsa2008-63.html Vendor Advisory
http://secunia.com/advisories/33216
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://secunia.com/advisories/33188
http://www.securitytracker.com/id?1021428
http://secunia.com/advisories/33203
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://www.securityfocus.com/bid/32882
http://www.vupen.com/english/advisories/2009/0977
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://secunia.com/advisories/34501
https://exchange.xforce.ibmcloud.com/vulnerabilities/47411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443
https://usn.ubuntu.com/690-1/
Configurations

Configuration 1

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
Information

Published : 2008-12-17 11:30

Updated : 2018-10-03 09:56

NVD link : CVE-2008-5505

Mitre link : CVE-2008-5505

Products Affected
No products.
CWE
CWE-264