CVE 2008-4065
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Related bugs and status
CVE-2008-4065 (Candidate) is related to these bugs:
Bug #218534: [Needs Packaging] JavaScript vulnerability in Firefox/Thunderbird/SeaMonkey/Xulrunner before 2.0.0.14/1.1.10/1.8.1.14
Bug #276437: security upgrade of seamonkey 1.1.12
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
276437 | security upgrade of seamonkey 1.1.12 | seamonkey (Ubuntu) | Undecided | Fix Released | ||
276437 | security upgrade of seamonkey 1.1.12 | seamonkey (Ubuntu Hardy) | Undecided | Fix Released | ||
276437 | security upgrade of seamonkey 1.1.12 | seamonkey (Ubuntu Intrepid) | Undecided | Fix Released |
Bug #469752: firefox,3.5/3.6 startup-notification bug
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu) | Medium | Invalid | ||
469752 | firefox,3.5/3.6 startup-notification bug | Mozilla Firefox | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Suse) | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu) | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu Lucid) | Medium | Fix Released | ||
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu Lucid) | Medium | Invalid |
See the
CVE page on Mitre.org
for more details.