CVE-2008-0416 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12 Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings including (1) a backspace character that is treated as whitespace (2) 0x80 with Shift_JIS encoding and (3) \zero-length non-ASCII sequences\ in certain Asian character sets.

Reference

http://jvn.jp/en/jp/JVN21563357/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28879 http://secunia.com/advisories/29541 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http://secunia.com/advisories/31043 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1 http://www.debian.org/security/2008/dsa-1484 http://www.debian.org/security/2008/dsa-1485 http://www.debian.org/security/2008/dsa-1489 http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml http://www.mozilla.org/security/announce/2008/mfsa2008-13.html http://www.securityfocus.com/bid/29303 http://www.turbolinux.com/security/2008/TLSA-2008-9.txt http://www.ubuntu.com/usn/usn-592-1 http://www.us-cert.gov/cas/techalerts/TA08-087A.html http://www.vupen.com/english/advisories/2008/1793/references http://www.vupen.com/english/advisories/2008/2091/references https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252381412407161 https://exchange.xforce.ibmcloud.com/vulnerabilities/40488 https://usn.ubuntu.com/576-1/