CVE-2008-0416

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

• CWE-79

• http://jvn.jp/en/jp/JVN21563357/index.html
• http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
• http://secunia.com/advisories/28839Vendor Advisory
• http://secunia.com/advisories/28864Vendor Advisory
• http://secunia.com/advisories/28865Vendor Advisory
• http://secunia.com/advisories/28879Vendor Advisory
• http://secunia.com/advisories/29541Vendor Advisory
• http://secunia.com/advisories/30327Vendor Advisory
• http://secunia.com/advisories/30620Vendor Advisory
• http://secunia.com/advisories/31043Vendor Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
• http://www.debian.org/security/2008/dsa-1484
• http://www.debian.org/security/2008/dsa-1485
• http://www.debian.org/security/2008/dsa-1489
• http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
• http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
• http://www.securityfocus.com/bid/29303
• http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
• http://www.ubuntu.com/usn/usn-592-1
• http://www.us-cert.gov/cas/techalerts/TA08-087A.htmlUS Government Resource
• http://www.vupen.com/english/advisories/2008/1793/referencesVendor Advisory
• http://www.vupen.com/english/advisories/2008/2091/referencesVendor Advisory
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
• https://usn.ubuntu.com/576-1/
• http://jvn.jp/en/jp/JVN21563357/index.html
• http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
• http://secunia.com/advisories/28839Vendor Advisory
• http://secunia.com/advisories/28864Vendor Advisory
• http://secunia.com/advisories/28865Vendor Advisory
• http://secunia.com/advisories/28879Vendor Advisory
• http://secunia.com/advisories/29541Vendor Advisory
• http://secunia.com/advisories/30327Vendor Advisory
• http://secunia.com/advisories/30620Vendor Advisory
• http://secunia.com/advisories/31043Vendor Advisory
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
• http://www.debian.org/security/2008/dsa-1484
• http://www.debian.org/security/2008/dsa-1485
• http://www.debian.org/security/2008/dsa-1489
• http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
• http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
• http://www.securityfocus.com/bid/29303
• http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
• http://www.ubuntu.com/usn/usn-592-1
• http://www.us-cert.gov/cas/techalerts/TA08-087A.htmlUS Government Resource
• http://www.vupen.com/english/advisories/2008/1793/referencesVendor Advisory
• http://www.vupen.com/english/advisories/2008/2091/referencesVendor Advisory
• https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
• https://usn.ubuntu.com/576-1/

Published

Feb 12, 2008

Last Modified

Jun 16, 2026

Status

Modified