4.3

CVE-2008-0416

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox  before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 2.0.0.11
MozillaSeamonkey Version <= 1.1.7
MozillaThunderbird Version <= 2.0.0.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.62% 0.729
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/29541
Vendor Advisory
http://secunia.com/advisories/30327
Vendor Advisory
http://secunia.com/advisories/30620
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
http://www.ubuntu.com/usn/usn-592-1
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
US Government Resource
http://www.vupen.com/english/advisories/2008/1793/references
Vendor Advisory
http://secunia.com/advisories/28839
Vendor Advisory
http://secunia.com/advisories/28864
Vendor Advisory
http://secunia.com/advisories/28865
Vendor Advisory
http://secunia.com/advisories/28879
Vendor Advisory
http://secunia.com/advisories/31043
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
http://www.debian.org/security/2008/dsa-1484
http://www.debian.org/security/2008/dsa-1485
http://www.debian.org/security/2008/dsa-1489
http://www.vupen.com/english/advisories/2008/2091/references
Vendor Advisory
http://jvn.jp/en/jp/JVN21563357/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
http://www.securityfocus.com/bid/29303
http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
https://usn.ubuntu.com/576-1/