CVE-2008-5019

NameCVE-2008-5019
DescriptionThe session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1671-1
NVD severitymedium

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
iceweaselsourceetch2.0.0.18-0etch1DSA-1671-1
iceweaselsource(unstable)3.0.4-1
xulrunnersourceetch(unfixed)end-of-life
xulrunnersource(unstable)1.9.0.4-1

Notes

[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
patch for xulrunner currently not suitable, Alexander will check this further

Search for package or bug name: Reporting problems