CVE - CVE-2008-0416

CVE-ID
CVE-2008-0416	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:238492 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1~~ (Obsolete source) MISC:239546 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1~~ (Obsolete source) MISC:28839 URL:http://secunia.com/advisories/28839 MISC:28864 URL:http://secunia.com/advisories/28864 MISC:28865 URL:http://secunia.com/advisories/28865 MISC:28879 URL:http://secunia.com/advisories/28879 MISC:29303 URL:http://www.securityfocus.com/bid/29303 MISC:29541 URL:http://secunia.com/advisories/29541 MISC:30327 URL:http://secunia.com/advisories/30327 MISC:30620 URL:http://secunia.com/advisories/30620 MISC:31043 URL:http://secunia.com/advisories/31043 MISC:ADV-2008-1793 URL:~~http://www.vupen.com/english/advisories/2008/1793/references~~ (Obsolete source) MISC:ADV-2008-2091 URL:~~http://www.vupen.com/english/advisories/2008/2091/references~~ (Obsolete source) MISC:DSA-1484 URL:http://www.debian.org/security/2008/dsa-1484 MISC:DSA-1485 URL:http://www.debian.org/security/2008/dsa-1485 MISC:DSA-1489 URL:http://www.debian.org/security/2008/dsa-1489 MISC:GLSA-200805-18 URL:http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml MISC:JVN#21563357 URL:http://jvn.jp/en/jp/JVN21563357/index.html MISC:JVNDB-2008-000021 URL:http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html MISC:TA08-087A URL:http://www.us-cert.gov/cas/techalerts/TA08-087A.html MISC:TLSA-2008-9 URL:http://www.turbolinux.com/security/2008/TLSA-2008-9.txt MISC:USN-576-1 URL:https://usn.ubuntu.com/576-1/ MISC:USN-592-1 URL:http://www.ubuntu.com/usn/usn-592-1 MISC:firefox-character-encoding-xss(40488) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/40488 MISC:http://www.mozilla.org/security/announce/2008/mfsa2008-13.html URL:http://www.mozilla.org/security/announce/2008/mfsa2008-13.html MISC:https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161 URL:https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
Assigning CNA
Red Hat, Inc.
Date Record Created
20080123	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080123)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)