4.3

CVE-2008-4065

Exploit

EPSS 1.31%
Published 24.09.2008 20:37:04
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

Affected products Warnungen 0 Metrics 2 CWE 1 References 54

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 2.0.0.17

Mozilla ≫ Firefox Version >= 3.0 < 3.0.2

Mozilla ≫ Seamonkey Version < 1.1.12

Mozilla ≫ Thunderbird Version < 2.0.0.17

Debian ≫ Debian Linux Version4.0

Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts

Canonical ≫ Ubuntu Linux Version7.04

Canonical ≫ Ubuntu Linux Version7.10

Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.31%	0.791

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/33433

Third Party Advisory

http://www.debian.org/security/2009/dsa-1697

Third Party Advisory

http://secunia.com/advisories/33434

Third Party Advisory

http://www.debian.org/security/2009/dsa-1696

Third Party Advisory

http://secunia.com/advisories/34501

Third Party Advisory

http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Broken Link

http://www.vupen.com/english/advisories/2009/0977

Third Party Advisory

http://download.novell.com/Download?buildid=WZXONb-tqBw~

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Third Party Advisory

http://secunia.com/advisories/31984

Third Party Advisory

http://secunia.com/advisories/31985

Third Party Advisory

http://secunia.com/advisories/32010

Third Party Advisory

http://secunia.com/advisories/32012

Third Party Advisory

http://secunia.com/advisories/32042

Third Party Advisory

http://secunia.com/advisories/32044

Third Party Advisory

http://secunia.com/advisories/32082

Third Party Advisory

http://secunia.com/advisories/32092

Third Party Advisory

http://secunia.com/advisories/32144

Third Party Advisory

http://secunia.com/advisories/32185

Third Party Advisory

http://secunia.com/advisories/32196

Third Party Advisory

http://secunia.com/advisories/32845

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Third Party Advisory

http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Third Party Advisory

http://www.debian.org/security/2008/dsa-1649

Third Party Advisory

http://www.debian.org/security/2008/dsa-1669

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0882.html

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0908.html

Third Party Advisory

http://www.ubuntu.com/usn/usn-645-1

Third Party Advisory

http://www.ubuntu.com/usn/usn-645-2

Third Party Advisory

http://www.vupen.com/english/advisories/2008/2661

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Third Party Advisory

http://secunia.com/advisories/32007

Third Party Advisory

http://secunia.com/advisories/32025

Third Party Advisory

http://www.securityfocus.com/bid/31346

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-647-1

Third Party Advisory

http://secunia.com/advisories/31987

Third Party Advisory

http://secunia.com/advisories/32011

Third Party Advisory

http://secunia.com/advisories/32089

Third Party Advisory

http://secunia.com/advisories/32095

Third Party Advisory

http://secunia.com/advisories/32096

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2008-0879.html

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Third Party Advisory

http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

Vendor Advisory

http://www.securitytracker.com/id?1020920

Third Party Advisory

VDB Entry

https://bugzilla.mozilla.org/show_bug.cgi?id=430740

Vendor Advisory

Exploit

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/45356

Third Party Advisory

VDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2008-4065

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4065

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4065

EUVD