CVE-2008-0416 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2008-0416
Status UNKNOWN
Description Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Severity Medium
CVSS score 4,3
CVSS vector (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Phase ASSIGNED (13.09.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416
References BID : 29303
CERT : TA08-087A
CONFIRM : http://www.mozilla.org/security/announce/2008/mfsa...
DEBIAN : DSA-1484
DEBIAN : DSA-1485
DEBIAN : DSA-1489
GENTOO : GLSA-200805-18
JVN : JVN#21563357
JVNDB : JVNDB-2008-000021
MISC : https://bugzilla.mozilla.org/buglist.cgi?bug_id=40...
SECUNIA : 28839
SECUNIA : 28864
SECUNIA : 28865
SECUNIA : 28879
SECUNIA : 29541
SECUNIA : 30327
SECUNIA : 30620
SECUNIA : 31043
SUNALERT : 238492
SUNALERT : 239546
TURBO : TLSA-2008-9
UBUNTU : USN-576-1
UBUNTU : USN-592-1
VUPEN : ADV-2008-1793
VUPEN : ADV-2008-2091
XF : firefox-character-encoding-xss(40488)
SecurityVulns: Mozilla Firefox / Seamonkey multiple security vulnerabilities

test server