VDB
CVE-2008-0416
CVE-2008-0416
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
EPSS 9.26% · 92.9th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
9.26%
92.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| mozilla | firefox | 0 |
| mozilla | thunderbird | 0 |
| mozilla | seamonkey | 0 |
Exploit Intelligence
- TLSA-2008-9 (circl)
- 29541 (circl)
- firefox-character-encoding-xss(40488) (circl)
- JVNDB-2008-000021 (circl)
- 30620 (circl)
- 28865 (circl)
- 28879 (circl)
- 30327 (circl)
- 238492 (circl)
- USN-592-1 (circl)
…and 16 more exploits
Timeline
- Feb 12, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
References
- TLSA-2008-9 vendor-advisory
- 29541 third-party-advisory
- firefox-character-encoding-xss(40488) vdb
- JVNDB-2008-000021 third-party-advisory
- 30620 third-party-advisory
- 28865 third-party-advisory
- 28879 third-party-advisory
- 30327 third-party-advisory
- 238492 vendor-advisory
- USN-592-1 vendor-advisory
- DSA-1489 vendor-advisory
- 239546 vendor-advisory
- 28864 third-party-advisory
- DSA-1485 vendor-advisory
- ADV-2008-1793 vdb
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161 url
- ADV-2008-2091 vdb
- JVN#21563357 third-party-advisory
- TA08-087A third-party-advisory
- http://www.mozilla.org/security/announce/2008/mfsa2008-13.html url
…and 9 more