jvndb-2008-000021
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-07-29 14:54
Severity
() - -
Summary
Mozilla Firefox cross-site scripting vulnerability
Details
Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.
References
TypeURL
JVN http://jvn.jp/en/jp/JVN21563357/index.html
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416
BID http://www.securityfocus.com/bid/29303
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
VendorProduct
mozilla.org contributorsMozilla Firefox
Red Hat, Inc.Red Hat Enterprise Linux
Red Hat, Inc.Red Hat Enterprise Linux Desktop
Red Hat, Inc.Red Hat Linux Advanced Workstation
Red Hat, Inc.RHEL Desktop Workstation
Sun Microsystems, Inc.OpenSolaris
Sun Microsystems, Inc.Sun Solaris
Turbolinux, Inc.Turbolinux FUJI
Turbolinux, Inc.Turbolinux Server
Turbolinux, Inc.wizpy
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html",
  "dc:date": "2008-07-29T14:54+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-07-29T14:54+09:00",
  "description": "Mozilla Firefox web browser contains a cross-site scripting vulnerability.\r\n\r\nMozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000021.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:mozilla:firefox",
      "@product": "Mozilla Firefox",
      "@vendor": "mozilla.org contributors",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:opensolaris",
      "@product": "OpenSolaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-000021",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN21563357/index.html",
      "@id": "JVN#21563357",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0416",
      "@id": "CVE-2008-0416",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0416",
      "@id": "CVE-2008-0416",
      "@source": "NVD"
    },
    {
      "#text": "http://www.securityfocus.com/bid/29303",
      "@id": "29303",
      "@source": "BID"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Mozilla Firefox cross-site scripting vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.