CVE-2008-0416

N/A Unknown
Published: February 12, 2008 Modified: April 23, 2026
View on NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://jvn.jp/en/jp/JVN21563357/index.html
Source: secalert@redhat.com
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
Source: secalert@redhat.com
http://secunia.com/advisories/28839
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28864
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28865
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/28879
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/29541
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30327
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/30620
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/31043
Source: secalert@redhat.com
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: secalert@redhat.com
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1484
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1485
Source: secalert@redhat.com
http://www.debian.org/security/2008/dsa-1489
Source: secalert@redhat.com
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: secalert@redhat.com
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
Source: secalert@redhat.com
http://www.securityfocus.com/bid/29303
Source: secalert@redhat.com
http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
Source: secalert@redhat.com
http://www.ubuntu.com/usn/usn-592-1
Source: secalert@redhat.com
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
Source: secalert@redhat.com
US Government Resource
http://www.vupen.com/english/advisories/2008/1793/references
Source: secalert@redhat.com
Vendor Advisory
http://www.vupen.com/english/advisories/2008/2091/references
Source: secalert@redhat.com
Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
Source: secalert@redhat.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
Source: secalert@redhat.com
https://usn.ubuntu.com/576-1/
Source: secalert@redhat.com
http://jvn.jp/en/jp/JVN21563357/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/28839
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28864
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28865
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/28879
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/29541
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30327
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30620
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/31043
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1484
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1485
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1489
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.mozilla.org/security/announce/2008/mfsa2008-13.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/29303
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.turbolinux.com/security/2008/TLSA-2008-9.txt
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/usn-592-1
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA08-087A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2008/1793/references
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2008/2091/references
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/40488
Source: af854a3a-2127-422b-91ae-364da2661108
https://usn.ubuntu.com/576-1/
Source: af854a3a-2127-422b-91ae-364da2661108

52 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
1.6%
73th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Affected Vendors

mozilla

Related CVEs

CVE-2026-9677 N/A
CVE-2026-13245 6.1
CVE-2026-12404 5.3
CVE-2026-10820 N/A
CVE-2026-12415 9.8