CVE-2008-4066: Cross-site Scripting in Mozilla Firefox

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.2% (top 21.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 24
Latest update: May 2

Description

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: mozilla/firefox 2.0.0.14, 2.0.0.15, 2.0.0.16 (+2)

🔴 Vulnerability Details (1)

GHSA: GHSA-qqhw-rv6h-rvpx: Mozilla Firefox 2 (2022-05-02)

💥 Exploits & PoCs (1)

Exploit-DB: SubEdit Player build 4066 - subtitle Buffer Overflow (PoC) (2008-04-19)

📋 Vendor Advisories (5)

Ubuntu: Thunderbird vulnerabilities (2008-09-26)
Ubuntu: Firefox and xulrunner regression (2008-09-25)
Ubuntu: Firefox vulnerabilities (2008-09-24)
Ubuntu: Firefox and xulrunner vulnerabilities (2008-09-24)
Red Hat: Mozilla low surrogates stripped from JavaScript before execution (2008-09-23)

💬 Community (1)

Bugzilla: CVE-2008-4066 Mozilla low surrogates stripped from JavaScript before execution (2008-09-22)