CVE-2008-4066

Impact:
Moderate
Public Date:
2008-09-23
Bugzilla:
463243: CVE-2008-4066 Mozilla low surrogates stripped from JavaScript before execution

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."

Find out more about CVE-2008-4066 from the MITRE CVE dictionary dictionary and NIST NVD.

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server) (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 4 RHSA-2008:0882 2008-09-24
Red Hat Enterprise Linux 3 (seamonkey) RHSA-2008:0882 2008-09-24
Red Hat Enterprise Linux 4 (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 5 (thunderbird) RHSA-2008:0908 2008-10-01
Red Hat Enterprise Linux 2.1 (seamonkey) RHSA-2008:0882 2008-09-24

Affected Packages State

Platform Package State
Red Hat Enterprise Linux version 4 devhelp 0.10-0.10.el4 Fixed
Red Hat Enterprise Linux version 4 seamonkey 1.0.9-26.el4 Fixed

Mitigation

Last Modified

CVE description copyright © 2017, The MITRE Corporation