CVE-2008-5505 - OpenCVE

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Mozilla	Firefox

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox:3.0:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.1:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.2:::::::*
	cpe:2.3:a:mozilla:firefox:3.0.3:::::::*

References

Link	Resource
http://secunia.com/advisories/33188
http://secunia.com/advisories/33203
http://secunia.com/advisories/33216
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
http://www.mozilla.org/security/announce/2008/mfsa2008-63.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-1036.html
http://www.securityfocus.com/bid/32882
http://www.securitytracker.com/id?1021428
http://www.vupen.com/english/advisories/2009/0977
https://bugzilla.mozilla.org/show_bug.cgi?id=295994
https://exchange.xforce.ibmcloud.com/vulnerabilities/47411
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443
https://usn.ubuntu.com/690-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2008-12-17T23:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2008-12-12T00:00:00

Link: CVE-2008-5505

JSON object: View

NVD Information

Status : Modified

Published: 2008-12-17T23:30:00.547

Modified: 2018-10-03T21:56:45.497

Link: CVE-2008-5505

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-16T00:00:00", "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "32882", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32882"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=295994"}, {"name": "1021428", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1021428"}, {"name": "RHSA-2008:1036", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html"}, {"name": "ADV-2009-0977", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0977"}, {"name": "MDVSA-2008:245", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245"}, {"name": "USN-690-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/690-1/"}, {"name": "33203", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33203"}, {"name": "33216", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33216"}, {"name": "256408", "tags": ["vendor-advisory", "x_refsource_SUNALERT"], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-63.html"}, {"name": "firefox-xul-weak-security(47411)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47411"}, {"name": "33188", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33188"}, {"name": "oval:org.mitre.oval:def:10443", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443"}, {"name": "34501", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34501"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-5505", "datePublished": "2008-12-17T23:00:00", "dateReserved": "2008-12-12T00:00:00", "dateUpdated": "2018-10-03T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA1A625-36AB-4D9B-879D-571FE5DEA2F7", "versionEndIncluding": "3.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies."}, {"lang": "es", "value": "Mozilla Firefox 3.x antes de v3.0.5 permite a atacantes remotos evitar las restricciones de privacidad previstas utilizando el atributo persist en un elemento XUL para crear y acceder las entidades de datos que son parecidas a las cookies."}], "id": "CVE-2008-5505", "lastModified": "2018-10-03T21:56:45.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-17T23:30:00.547", "references": [{"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33188"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33203"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/33216"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/34501"}, {"source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:245"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.mozilla.org/security/announce/2008/mfsa2008-63.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-1036.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/32882"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1021428"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2009/0977"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=295994"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47411"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10443"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/690-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}