[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2008-0416Date: (C)2008-02-11   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SUNALERT-238492
SUNALERT-239546
SECUNIA-28839
SECUNIA-28864
SECUNIA-28865
SECUNIA-28879
BID-29303
SECUNIA-29541
SECUNIA-30327
SECUNIA-30620
SECUNIA-31043
ADV-2008-1793
ADV-2008-2091
DSA-1484
DSA-1485
DSA-1489
GLSA-200805-18
JVN#21563357
JVNDB-2008-000021
TA08-087A
TLSA-2008-9
USN-576-1
USN-592-1
firefox-character-encoding-xss(40488)
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161

CPE    3
cpe:/a:mozilla:thunderbird
cpe:/a:mozilla:seamonkey
cpe:/a:mozilla:firefox
CWE    1
CWE-79
OVAL    3
oval:org.mitre.oval:def:7909
oval:org.mitre.oval:def:8000
oval:org.mitre.oval:def:7914

© SecPod Technologies