Home > Vulnerability Database > CVE-2008-4065

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2008-4065

Date: September 24, 2008

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

Severity Score

3.7

Related Resources (55)

Url: http://secunia.com/advisories/32196

Url: http://secunia.com/advisories/31987

Url: http://secunia.com/advisories/31985

Url: http://secunia.com/advisories/31984

Url: http://www.vupen.com/english/advisories/2009/0977

Url: http://secunia.com/advisories/32082

Url: http://www.redhat.com/support/errata/RHSA-2008-0882.html

Url: http://download.novell.com/Download?buildid=WZXONb-tqBw~

Url: http://www.debian.org/security/2008/dsa-1669

Url: http://secunia.com/advisories/33433

Url: http://secunia.com/advisories/32144

Url: http://secunia.com/advisories/33434

Url: https://access.redhat.com/security/cve/CVE-2008-4065

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11383

Url: http://secunia.com/advisories/32185

Url: http://www.redhat.com/support/errata/RHSA-2008-0879.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/45356

Url: http://secunia.com/advisories/32025

Url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-4065

Url: http://www.ubuntu.com/usn/usn-645-1

Url: http://www.ubuntu.com/usn/usn-645-2

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=430740

Url: http://www.ubuntu.com/usn/usn-647-1

Url: http://www.debian.org/security/2009/dsa-1696

Url: http://secunia.com/advisories/32012

Url: http://secunia.com/advisories/32011

Url: http://www.debian.org/security/2009/dsa-1697

Url: http://secunia.com/advisories/32010

Url: http://secunia.com/advisories/32096

Url: http://secunia.com/advisories/32095

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01403.html

Url: http://www.mozilla.org/security/announce/2008/mfsa2008-43.html

Url: http://www.redhat.com/support/errata/RHSA-2008-0908.html

Url: http://www.vupen.com/english/advisories/2008/2661

Url: http://www.debian.org/security/2008/dsa-1649

Url: http://secunia.com/advisories/32089

Url: http://secunia.com/advisories/34501

Url: http://secunia.com/advisories/32044

Url: http://secunia.com/advisories/32042

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4065

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:206

Url: http://secunia.com/advisories/32845

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.412123

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2008:205

Url: http://secunia.com/advisories/32007

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.405232

Url: http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01384.html

Url: http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.379422

Url: https://www.redhat.com/archives/fedora-package-announce/2008-September/msg01335.html

Url: http://secunia.com/advisories/32092

Url: http://www.securityfocus.com/bid/31346

Url: http://www.securitytracker.com/id?1020920

Url: https://www.mend.io/vulnerability-database/CVE-2008-4065

Severity Score

3.7

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us