CVE-2008-0416

Executive Summary

Informations
Name	CVE-2008-0416	First vendor Publication	2008-02-11
Vendor	Cve	Last vendor Modification	2011-09-13

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score	4.3	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416

CWE : Common Weakness Enumeration

id	Name
CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Mozilla Firefox cpe:/a:mozilla:firefox:2.0.0.11	1
Application	Mozilla Seamonkey cpe:/a:mozilla:seamonkey:1.1.7	1
Application	Mozilla Thunderbird cpe:/a:mozilla:thunderbird:2.0.0.11	1

Open Source Vulnerability Database (OSVDB)

id	Description
42056	Mozilla Multiple Browsers Character Encoding Multiple Unspecified XSS

Internal Sources (Detail)

Source	Url
BID	http://www.securityfocus.com/bid/29303
CERT	http://www.us-cert.gov/cas/techalerts/TA08-087A.html
CONFIRM	http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
DEBIAN	http://www.debian.org/security/2008/dsa-1484 http://www.debian.org/security/2008/dsa-1485 http://www.debian.org/security/2008/dsa-1489
GENTOO	http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
JVN	http://jvn.jp/en/jp/JVN21563357/index.html
JVNDB	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
MISC	https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252,381412,407161
SECUNIA	http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28879 http://secunia.com/advisories/29541 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http://secunia.com/advisories/31043
SUNALERT	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
TURBO	http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
UBUNTU	http://www.ubuntu.com/usn/usn-592-1 http://www.ubuntulinux.org/support/documentation/usn/usn-576-1
VUPEN	http://www.vupen.com/english/advisories/2008/1793/references http://www.vupen.com/english/advisories/2008/2091/references
XF	http://xforce.iss.net/xforce/xfdb/40488

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-05-11 00:07:59	Multiple Updates

Type	Count
CPE ID(s)	3
osvdb(s)	1

Related	Severity
USN-592-1	(Critical)
USN-576-1	(Critical)
TA08-087A	(Critical)
SUN-239546	(Critical)
SUN-238492	(Critical)
GLSA-200805-18	(Critical)
DSA-1489	(Critical)
DSA-1485	(Critical)
DSA-1484	(Critical)