CVE-2008-0416 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-0416 PUBLISHED CVSS 4.300000190734863 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

EPSS 8.73% · 92.4th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

8.73%

92.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
mozilla	firefox	0
mozilla	thunderbird	0
mozilla	seamonkey	0

Timeline

Feb 12, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Aug 31, 2023 EPSS Score
Oct 22, 2023 EPSS Score

References

TLSA-2008-9 vendor-advisory
29541 third-party-advisory
firefox-character-encoding-xss(40488) vdb
JVNDB-2008-000021 third-party-advisory
30620 third-party-advisory
28865 third-party-advisory
28879 third-party-advisory
30327 third-party-advisory
238492 vendor-advisory
USN-592-1 vendor-advisory
DSA-1489 vendor-advisory
239546 vendor-advisory
28864 third-party-advisory
DSA-1485 vendor-advisory
ADV-2008-1793 vdb
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161 url
ADV-2008-2091 vdb
JVN#21563357 third-party-advisory
TA08-087A third-party-advisory
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html url

…and 9 more

Open in Interactive Console →