NVD Vulnerability Detail

Search Exploit, PoC

Exploit DB

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2008-0416

Summary	Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Publication Date	Feb. 12, 2008, noon
Registration Date	Jan. 29, 2021, 1:30 p.m.
Last Update	Nov. 7, 2023, 11:01 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	低
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:mozilla:thunderbird::::::::			2.0.0.11
cpe:2.3:a:mozilla:seamonkey::::::::			1.1.7
cpe:2.3:a:mozilla:firefox::::::::			2.0.0.11

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.debian.org/security/2008/dsa-1484	DEBIAN
2	http://www.debian.org/security/2008/dsa-1485	DEBIAN
3	http://www.debian.org/security/2008/dsa-1489	DEBIAN
4	http://secunia.com/advisories/28839	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/28864	SECUNIA	Vendor Advisory
6	http://secunia.com/advisories/28865	SECUNIA	Vendor Advisory
7	http://secunia.com/advisories/28879	SECUNIA	Vendor Advisory
8	http://www.ubuntu.com/usn/usn-592-1	UBUNTU
9	http://www.us-cert.gov/cas/techalerts/TA08-087A.html	CERT	US Government Resource
10	http://secunia.com/advisories/29541	SECUNIA	Vendor Advisory
11	http://www.securityfocus.com/bid/29303	BID
12	http://secunia.com/advisories/30327	SECUNIA	Vendor Advisory
13	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1	SUNALERT
14	http://secunia.com/advisories/31043	SECUNIA	Vendor Advisory
15	http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml	GENTOO
16	http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1	SUNALERT
17	http://secunia.com/advisories/30620	SECUNIA	Vendor Advisory
18	http://www.turbolinux.com/security/2008/TLSA-2008-9.txt	TURBO
19	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html	JVNDB
20	http://jvn.jp/en/jp/JVN21563357/index.html	JVN
21	http://www.vupen.com/english/advisories/2008/2091/references	VUPEN	Vendor Advisory
22	http://www.vupen.com/english/advisories/2008/1793/references	VUPEN	Vendor Advisory
23	http://www.mozilla.org/security/announce/2008/mfsa2008-13.html	CONFIRM
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/40488	XF
25	https://usn.ubuntu.com/576-1/	UBUNTU
26	https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161	MISC

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html