// For flags

CVE-2008-0416

Mozilla arbitrary code execution

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

Múltiples vulnerabilidades de XSS en Mozilla Firefox en versiones anteriores a 2.0.0.12, Thunderbird en versiones anteriores a 2.0.0.12 y SeaMonkey en versiones anteriores a 1.1.8 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de ciertas codificaciones de caracteres, incluyendo (1) un carácter de retroceso que se trata como un espacio en blanco, (2) 0x80 con codificación Shift_JIS y (3) "secuencias de longitud cero non-ASCII" en ciertos conjuntos de caracteres asiáticos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-01-23 CVE Reserved
  • 2008-02-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-11-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (28)
URL Tag Source
http://jvn.jp/en/jp/JVN21563357/index.html Third Party Advisory
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html Third Party Advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html X_refsource_confirm
http://www.securityfocus.com/bid/29303 Vdb Entry
http://www.us-cert.gov/cas/techalerts/TA08-087A.html Third Party Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161 X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/40488 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://secunia.com/advisories/28839 2023-11-07
http://secunia.com/advisories/28864 2023-11-07
http://secunia.com/advisories/28865 2023-11-07
http://secunia.com/advisories/28879 2023-11-07
http://secunia.com/advisories/29541 2023-11-07
http://secunia.com/advisories/30327 2023-11-07
http://secunia.com/advisories/30620 2023-11-07
http://secunia.com/advisories/31043 2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 2023-11-07
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1 2023-11-07
http://www.debian.org/security/2008/dsa-1484 2023-11-07
http://www.debian.org/security/2008/dsa-1485 2023-11-07
http://www.debian.org/security/2008/dsa-1489 2023-11-07
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml 2023-11-07
http://www.turbolinux.com/security/2008/TLSA-2008-9.txt 2023-11-07
http://www.ubuntu.com/usn/usn-592-1 2023-11-07
http://www.vupen.com/english/advisories/2008/1793/references 2023-11-07
http://www.vupen.com/english/advisories/2008/2091/references 2023-11-07
https://usn.ubuntu.com/576-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2008-0416 2008-02-08
https://bugzilla.redhat.com/show_bug.cgi?id=431740 2008-02-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mozilla
Search vendor "Mozilla"
 Firefox
Search vendor "Mozilla" for product "Firefox"
 <= 2.0.0.11
Search vendor "Mozilla" for product "Firefox" and version " <= 2.0.0.11"
-
Affected
Mozilla
Search vendor "Mozilla"
 Seamonkey
Search vendor "Mozilla" for product "Seamonkey"
 <= 1.1.7
Search vendor "Mozilla" for product "Seamonkey" and version " <= 1.1.7"
-
Affected
Mozilla
Search vendor "Mozilla"
 Thunderbird
Search vendor "Mozilla" for product "Thunderbird"
 <= 2.0.0.11
Search vendor "Mozilla" for product "Thunderbird" and version " <= 2.0.0.11"
-
Affected