CVE-2008-0416
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
83.0%
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) βzero-length non-ASCII sequencesβ in certain Asian character sets.
Affected configurations
References
jvn.jp/en/jp/JVN21563357/index.html
jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
secunia.com/advisories/28839
secunia.com/advisories/28864
secunia.com/advisories/28865
secunia.com/advisories/28879
secunia.com/advisories/29541
secunia.com/advisories/30327
secunia.com/advisories/30620
secunia.com/advisories/31043
sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
www.debian.org/security/2008/dsa-1484
www.debian.org/security/2008/dsa-1485
www.debian.org/security/2008/dsa-1489
www.gentoo.org/security/en/glsa/glsa-200805-18.xml
www.mozilla.org/security/announce/2008/mfsa2008-13.html
www.securityfocus.com/bid/29303
www.turbolinux.com/security/2008/TLSA-2008-9.txt
www.ubuntu.com/usn/usn-592-1
www.us-cert.gov/cas/techalerts/TA08-087A.html
www.vupen.com/english/advisories/2008/1793/references
www.vupen.com/english/advisories/2008/2091/references
bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
exchange.xforce.ibmcloud.com/vulnerabilities/40488
usn.ubuntu.com/576-1/
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
83.0%