Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0416

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0416
Last Modified 29 Jul 2013 11:45:10
Published 11 Feb 2008 10:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0416

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.11

  • Mozilla Seamonkey 1.1.7

  • Mozilla Thunderbird 2.0.0.11


References

CERT - TA08-087A

MISC - https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161

XF - firefox-character-encoding-xss(40488)

VUPEN - ADV-2008-2091

VUPEN - ADV-2008-1793

UBUNTU - USN-576-1

UBUNTU - USN-592-1

TURBO - TLSA-2008-9

BID - 29303

CONFIRM - http://www.mozilla.org/security/announce/2008/mfsa2008-13.html

GENTOO - GLSA-200805-18

DEBIAN - DSA-1489

DEBIAN - DSA-1485

DEBIAN - DSA-1484

SUNALERT - 239546

SUNALERT - 238492

SECUNIA - 31043

SECUNIA - 30620

SECUNIA - 30327

SECUNIA - 29541

SECUNIA - 28879

SECUNIA - 28865

SECUNIA - 28864

SECUNIA - 28839

JVNDB - JVNDB-2008-000021

JVN - JVN#21563357


Last Updated: 27 May 2016 10:46:48