CVE-2008-4065

Mozilla Firefox < 2.0.0.17 - XSS

Title source: rule

Description

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

References (51)

... and 31 more

Scores

EPSS 0.0134
EPSS Percentile 79.8%

Classification

CWE
CWE-79
Status published

Affected Products (9)

mozilla/firefox < 2.0.0.17
mozilla/seamonkey < 1.1.12
mozilla/thunderbird < 2.0.0.17
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
n/a/n/a

Timeline

Published Sep 24, 2008
Tracked Since Feb 18, 2026