Vulnerability DatabaseCVE-2008-4065
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2008-4065
September 24, 2008
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Related Resources (53)
http://www.ubuntu.com/usn/usn-645-2
http://www.redhat.com/support/errata/RHSA-2008-0882.html
http://secunia.com/advisories/32144
http://www.redhat.com/support/errata/RHSA-2008-0879.html
https://access.redhat.com/security/cve/CVE-2008-4065
http://secunia.com/advisories/32845
http://www.ubuntu.com/usn/usn-645-1
http://secunia.com/advisories/32012
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123
http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
http://secunia.com/advisories/32092
http://secunia.com/advisories/33434
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html
http://www.redhat.com/support/errata/RHSA-2008-0908.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html
http://www.securityfocus.com/bid/31346
http://www.debian.org/security/2009/dsa-1697
http://www.vupen.com/english/advisories/2008/2661
http://secunia.com/advisories/34501
http://secunia.com/advisories/31987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383
http://secunia.com/advisories/33433
http://secunia.com/advisories/32025
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4065
http://secunia.com/advisories/31985
https://bugzilla.mozilla.org/show_bug.cgi?id=430740
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html
http://www.securitytracker.com/id?1020920
http://secunia.com/advisories/31984
http://download.novell.com/Download?buildid=WZXONb-tqBw~
http://secunia.com/advisories/32011
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422
http://www.debian.org/security/2009/dsa-1696
http://secunia.com/advisories/32044
http://secunia.com/advisories/32010
http://secunia.com/advisories/32196
http://www.vupen.com/english/advisories/2009/0977
http://secunia.com/advisories/32082
http://secunia.com/advisories/32096
http://secunia.com/advisories/32185
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232
http://www.debian.org/security/2008/dsa-1669
http://secunia.com/advisories/32042
https://exchange.xforce.ibmcloud.com/vulnerabilities/45356
http://www.debian.org/security/2008/dsa-1649
http://secunia.com/advisories/32089
http://secunia.com/advisories/32007
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:206
http://secunia.com/advisories/32095
http://www.mandriva.com/security/advisories?name=MDVSA-2008:205
http://www.ubuntu.com/usn/usn-647-1
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
LOW
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
3.7
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
NONE
CVSS v2
Base Score:
4.3
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79
EPSS
Base Score:
1.34