4.3

CVE-2008-4066

Exploit
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version2.0.0.14
MozillaFirefox Version2.0.0.15
MozillaFirefox Version2.0.0.16
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.751
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/34501
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://www.vupen.com/english/advisories/2009/0977
Vendor Advisory
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
http://secunia.com/advisories/31984
Vendor Advisory
http://secunia.com/advisories/31985
Vendor Advisory
http://secunia.com/advisories/32010
Vendor Advisory
http://secunia.com/advisories/32012
Vendor Advisory
http://secunia.com/advisories/32042
Vendor Advisory
http://secunia.com/advisories/32044
Vendor Advisory
http://secunia.com/advisories/32082
Vendor Advisory
http://secunia.com/advisories/32092
Vendor Advisory
http://secunia.com/advisories/32144
Vendor Advisory
http://secunia.com/advisories/32185
http://secunia.com/advisories/32196
http://secunia.com/advisories/32845
Vendor Advisory
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
http://www.debian.org/security/2008/dsa-1649
http://www.debian.org/security/2008/dsa-1669
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
http://www.redhat.com/support/errata/RHSA-2008-0882.html
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2008-0908.html
Vendor Advisory
http://www.ubuntu.com/usn/usn-645-1
http://www.ubuntu.com/usn/usn-645-2
http://www.vupen.com/english/advisories/2008/2661
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
Vendor Advisory
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
http://secunia.com/advisories/32007
Vendor Advisory
http://secunia.com/advisories/32025
Vendor Advisory
http://www.securityfocus.com/bid/31346
http://www.ubuntu.com/usn/usn-647-1
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
http://www.securitytracker.com/id?1020920
http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx
Exploit
http://jvn.jp/en/jp/JVN96950482/index.html
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html
http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/
Exploit
https://bugzilla.mozilla.org/show_bug.cgi?id=448166
https://exchange.xforce.ibmcloud.com/vulnerabilities/45358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880