Home

CVE-2008-0416

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) zero-length non-ASCII sequences in certain Asian character sets.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
6.627

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Mozilla Firefox (x64) 2.0.0.11Windows
Multiple vulnerabilities affected in Mozilla Thunderbird 2.0.0.11Windows
Multiple vulnerabilities affected in Mozilla_Firefox 2.0.0.11Windows
Multiple vulnerabilities affected in SeaMonkey 1.1.7Windows
Multiple Vulnerabilities are affected in Mozilla Firefox (x64) 2.0.0.11Windows
Multiple Vulnerabilities are affected in Mozilla_Firefox 2.0.0.11Windows
Multiple Vulnerabilities are affected in Mozilla Thunderbird 2.0.0.9Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 2.0.0.12Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-343016Mozilla Firefox (x64) (132.0.2)
PATCH-315938Mozilla Thunderbird (68.12.0)
PATCH-343015Mozilla Firefox (132.0.2)
PATCH-341197SeaMonkey (2.53.19)
PATCH-613630Mozilla Firefox For Mac (147.0.4)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234