4.3
CVE-2008-4065
- EPSS 4.11%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:05
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 2.0.0.17
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version7.04
Canonical ≫ Ubuntu Linux Version7.10
Canonical ≫ Ubuntu Linux Version8.04 SwEditionlts
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.11% | 0.895 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://secunia.com/advisories/33433
http://www.debian.org/security/2009/dsa-1697
http://secunia.com/advisories/33434
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/34501
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
http://secunia.com/advisories/31984
http://secunia.com/advisories/31985
http://secunia.com/advisories/32010
http://secunia.com/advisories/32012
http://secunia.com/advisories/32042
http://secunia.com/advisories/32044
http://secunia.com/advisories/32082
http://secunia.com/advisories/32092
http://secunia.com/advisories/32144
http://secunia.com/advisories/32185
http://secunia.com/advisories/32196
http://secunia.com/advisories/32845
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
http://www.debian.org/security/2008/dsa-1649
http://www.debian.org/security/2008/dsa-1669
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
http://www.redhat.com/support/errata/RHSA-2008-0882.html
http://www.redhat.com/support/errata/RHSA-2008-0908.html
http://www.ubuntu.com/usn/usn-645-1
http://www.ubuntu.com/usn/usn-645-2
http://www.vupen.com/english/advisories/2008/2661
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
http://secunia.com/advisories/32007
http://secunia.com/advisories/32025
http://www.securityfocus.com/bid/31346
http://www.ubuntu.com/usn/usn-647-1
http://secunia.com/advisories/31987
http://secunia.com/advisories/32011
http://secunia.com/advisories/32089
http://secunia.com/advisories/32095
http://secunia.com/advisories/32096
http://www.redhat.com/support/errata/RHSA-2008-0879.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.securitytracker.com/id?1020920
https://bugzilla.mozilla.org/show_bug.cgi?id=430740
https://exchange.xforce.ibmcloud.com/vulnerabilities/45356
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383