4.3

CVE-2008-4065

Exploit
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 2.0.0.17
MozillaFirefox Version >= 3.0 < 3.0.2
MozillaSeamonkey Version < 1.1.12
MozillaThunderbird Version < 2.0.0.17
DebianDebian Linux Version4.0
CanonicalUbuntu Linux Version6.06 SwEditionlts
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
CanonicalUbuntu Linux Version8.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.11% 0.895
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/33433
Third Party Advisory
http://www.debian.org/security/2009/dsa-1697
Third Party Advisory
http://secunia.com/advisories/33434
Third Party Advisory
http://www.debian.org/security/2009/dsa-1696
Third Party Advisory
http://secunia.com/advisories/34501
Third Party Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
Broken Link
http://www.vupen.com/english/advisories/2009/0977
Third Party Advisory
http://download.novell.com/Download?buildid=WZXONb-tqBw~
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
Third Party Advisory
http://secunia.com/advisories/31984
Third Party Advisory
http://secunia.com/advisories/31985
Third Party Advisory
http://secunia.com/advisories/32010
Third Party Advisory
http://secunia.com/advisories/32012
Third Party Advisory
http://secunia.com/advisories/32042
Third Party Advisory
http://secunia.com/advisories/32044
Third Party Advisory
http://secunia.com/advisories/32082
Third Party Advisory
http://secunia.com/advisories/32092
Third Party Advisory
http://secunia.com/advisories/32144
Third Party Advisory
http://secunia.com/advisories/32185
Third Party Advisory
http://secunia.com/advisories/32196
Third Party Advisory
http://secunia.com/advisories/32845
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
Third Party Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
Third Party Advisory
http://www.debian.org/security/2008/dsa-1649
Third Party Advisory
http://www.debian.org/security/2008/dsa-1669
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0882.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0908.html
Third Party Advisory
http://www.ubuntu.com/usn/usn-645-1
Third Party Advisory
http://www.ubuntu.com/usn/usn-645-2
Third Party Advisory
http://www.vupen.com/english/advisories/2008/2661
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
Third Party Advisory
http://secunia.com/advisories/32007
Third Party Advisory
http://secunia.com/advisories/32025
Third Party Advisory
http://www.securityfocus.com/bid/31346
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/usn-647-1
Third Party Advisory
http://secunia.com/advisories/31987
Third Party Advisory
http://secunia.com/advisories/32011
Third Party Advisory
http://secunia.com/advisories/32089
Third Party Advisory
http://secunia.com/advisories/32095
Third Party Advisory
http://secunia.com/advisories/32096
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0879.html
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
Vendor Advisory
http://www.securitytracker.com/id?1020920
Third Party Advisory
VDB Entry
https://bugzilla.mozilla.org/show_bug.cgi?id=430740
Vendor Advisory
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/45356
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383
Third Party Advisory