SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-4065

Date: (C)2008-09-24 (M)2024-02-09

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

SECTRACK-1020920

SUNALERT-256408

FEDORA-2008-8401

FEDORA-2008-8425

FEDORA-2008-8429

SSA:2008-269-01

SSA:2008-269-02

SSA:2008-270-01

SUSE-SA:2008:050

firefox-bom-security-bypass(45356)

http://download.novell.com/Download?buildid=WZXONb-tqBw~

http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

https://bugzilla.mozilla.org/show_bug.cgi?id=430740

oval:org.mitre.oval:def:11383

cpe:/a:mozilla:thunderbird
cpe:/o:debian:debian_linux:4.0
cpe:/o:canonical:ubuntu_linux:6.06::~~lts~~~
cpe:/o:canonical:ubuntu_linux:7.04
...

oval:org.secpod.oval:def:301323
oval:org.secpod.oval:def:301362
oval:org.mitre.oval:def:7657
oval:org.secpod.oval:def:600503
...

© SecPod Technologies