Rapid7 Vulnerability & Exploit Database

MFSA2008-43 SeaMonkey: BOM characters stripped from JavaScript before execution (CVE-2008-4066)

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

MFSA2008-43 SeaMonkey: BOM characters stripped from JavaScript before execution (CVE-2008-4066)

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

09/24/2008

Created

07/25/2018

Added

02/03/2012

Modified

02/13/2015

Description

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."

Solution(s)

mozilla-seamonkey-upgrade-1_1_12

References

https://attackerkb.com/topics/cve-2008-4066
31346
CVE - 2008-4066
DSA-1649
DSA-1669
OVAL8880
RHSA-2008:0882
RHSA-2008:0908
SUSE-SA:2008:050
http://www.mozilla.org/security/announce/2008/mfsa2008-43.html
45358

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

MFSA2008-43 SeaMonkey: BOM characters stripped from JavaScript before execution (CVE-2008-4066)

MFSA2008-43 SeaMonkey: BOM characters stripped from JavaScript before execution (CVE-2008-4066)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Success! Thank you for submission. We will be in touch shortly.

Submit your information and we will get in touch with you.