CVE-2008-0416 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

8.7%

top 7.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Mozilla Seamonkey Mozilla Thunderbird

Timeline

PublishedFeb 12

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/firefox2.0.0.11

▶NVDmozilla/seamonkey1.1.7

▶NVDmozilla/thunderbird2.0.0.11

🔴Vulnerability Details

GHSA

GHSA-2h42-qmq7-j2qx: Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2↗2022-05-01

▶

Kernel

namei: allow restricted O_CREAT of FIFOs and regular files↗2018-08-23

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2008-03-26

▶

Ubuntu

Firefox vulnerabilities↗2008-02-08

▶

Red Hat

Mozilla arbitrary code execution↗2008-02-07

▶

💬Community

Bugzilla

CVE-2008-0416 Mozilla arbitrary code execution↗2008-02-06

▶