FLAT-9UD78 – Vulnerability | Fluid Attacks Database

Database

Description

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	thunderbird	<0:2.0.0.17-1.el5	0:2.0.0.17-1.el5
rpm rhel5	nss	<0:3.12.1.1-1.el5	0:3.12.1.1-1.el5
rpm rhel5	xulrunner	<0:1.9.0.2-5.el5	0:1.9.0.2-5.el5
rpm rhel5	devhelp	<0:0.12-19.el5	0:0.12-19.el5
rpm rhel5	firefox	<0:3.0.2-3.el5	0:3.0.2-3.el5
rpm rhel5	yelp	<0:2.16.0-21.el5	0:2.16.0-21.el5

Aliases

1. CVE-2008-40652. NVD-2008-40653. OSV-2008-4065

FLAT-9UD78 – Vulnerability | Fluid Attacks Database