CVE-2008-0416: XSS
First published: Tue Feb 12 2008(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Thunderbird | <=2.0.0.11 | |
| Mozilla SeaMonkey | <=1.1.7 | |
| Mozilla Firefox | <=2.0.0.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.debian.org/security/2008/dsa-1484
- http://www.debian.org/security/2008/dsa-1485
- http://www.debian.org/security/2008/dsa-1489
- http://secunia.com/advisories/28839
- http://secunia.com/advisories/28864
- http://secunia.com/advisories/28865
- http://secunia.com/advisories/28879
- http://www.ubuntu.com/usn/usn-592-1
- http://www.us-cert.gov/cas/techalerts/TA08-087A.html
- http://secunia.com/advisories/29541
- http://www.securityfocus.com/bid/29303
- http://secunia.com/advisories/30327
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
- http://secunia.com/advisories/31043
- http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
- http://secunia.com/advisories/30620
- http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
- http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
- http://jvn.jp/en/jp/JVN21563357/index.html
- http://www.vupen.com/english/advisories/2008/2091/references
- http://www.vupen.com/english/advisories/2008/1793/references
- http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
- https://usn.ubuntu.com/576-1/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
- agent/references
- agent/author
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/description
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/2.0.0.11
- canonical/mozilla seamonkey
- version/mozilla seamonkey/1.1.7
- canonical/mozilla thunderbird
- version/mozilla thunderbird/2.0.0.11