CVE - CVE-2008-4066

CVE-ID
CVE-2008-4066	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1020920 URL:http://www.securitytracker.com/id?1020920 MISC:256408 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1~~ (Obsolete source) MISC:31346 URL:http://www.securityfocus.com/bid/31346 MISC:31984 URL:http://secunia.com/advisories/31984 MISC:31985 URL:http://secunia.com/advisories/31985 MISC:32007 URL:http://secunia.com/advisories/32007 MISC:32010 URL:http://secunia.com/advisories/32010 MISC:32012 URL:http://secunia.com/advisories/32012 MISC:32025 URL:http://secunia.com/advisories/32025 MISC:32042 URL:http://secunia.com/advisories/32042 MISC:32044 URL:http://secunia.com/advisories/32044 MISC:32082 URL:http://secunia.com/advisories/32082 MISC:32092 URL:http://secunia.com/advisories/32092 MISC:32144 URL:http://secunia.com/advisories/32144 MISC:32185 URL:http://secunia.com/advisories/32185 MISC:32196 URL:http://secunia.com/advisories/32196 MISC:32845 URL:http://secunia.com/advisories/32845 MISC:34501 URL:http://secunia.com/advisories/34501 MISC:ADV-2008-2661 URL:~~http://www.vupen.com/english/advisories/2008/2661~~ (Obsolete source) MISC:ADV-2009-0977 URL:~~http://www.vupen.com/english/advisories/2009/0977~~ (Obsolete source) MISC:DSA-1649 URL:http://www.debian.org/security/2008/dsa-1649 MISC:DSA-1669 URL:http://www.debian.org/security/2008/dsa-1669 MISC:FEDORA-2008-8401 URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html MISC:FEDORA-2008-8429 URL:https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html MISC:JVN#96950482 URL:http://jvn.jp/en/jp/JVN96950482/index.html MISC:JVNDB-2011-000058 URL:http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000058.html MISC:MDVSA-2008:205 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:205~~ (Obsolete source) MISC:MDVSA-2008:206 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:206~~ (Obsolete source) MISC:RHSA-2008:0882 URL:http://www.redhat.com/support/errata/RHSA-2008-0882.html MISC:RHSA-2008:0908 URL:http://www.redhat.com/support/errata/RHSA-2008-0908.html MISC:SSA:2008-269-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232 MISC:SSA:2008-269-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422 MISC:SSA:2008-270-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123 MISC:SUSE-SA:2008:050 URL:http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html MISC:USN-645-1 URL:http://www.ubuntu.com/usn/usn-645-1 MISC:USN-645-2 URL:http://www.ubuntu.com/usn/usn-645-2 MISC:USN-647-1 URL:http://www.ubuntu.com/usn/usn-647-1 MISC:firefox-htmlparser-security-bypass(45358) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/45358 MISC:http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx URL:http://blogs.technet.com/bluehat/archive/2008/08/14/targeted-fuzzing.aspx MISC:http://download.novell.com/Download?buildid=WZXONb-tqBw~ URL:http://download.novell.com/Download?buildid=WZXONb-tqBw~ MISC:http://www.mozilla.org/security/announce/2008/mfsa2008-43.html URL:http://www.mozilla.org/security/announce/2008/mfsa2008-43.html MISC:http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/ URL:http://www.thespanner.co.uk/2008/06/30/javascript-protocol-fuzz-results/ MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=448166 URL:https://bugzilla.mozilla.org/show_bug.cgi?id=448166 MISC:oval:org.mitre.oval:def:8880 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8880
Assigning CNA
Red Hat, Inc.
Date Record Created
20080912	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080912)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)