CVE Database

CVE-2008-4066

Impact: Moderate
Public: 2008-09-23
Bugzilla: 463243: CVE-2008-4066 Mozilla low surrogates stripped from JavaScript before execution

Details

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug."

Find out more about CVE-2008-4066 from the MITRE CVE dictionary and NIST NVD.

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux Desktop version 5 (thunderbird) RHSA-2008:0908 October 01, 2008
Red Hat Enterprise Linux Optional Productivity Applications version 5 (thunderbird) RHSA-2008:0908 October 01, 2008
Red Hat Enterprise Linux version 2.1 (seamonkey) RHSA-2008:0882 September 24, 2008
Red Hat Enterprise Linux version 3 (seamonkey) RHSA-2008:0882 September 24, 2008
Red Hat Enterprise Linux version 4 RHSA-2008:0882 September 24, 2008
Red Hat Enterprise Linux version 4 (thunderbird) RHSA-2008:0908 October 01, 2008

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.