CVE-2008-0416
Published: 12 February 2008
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets.
Priority
Status
Package | Release | Status |
---|---|---|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080202a-0ubuntu1)
|
edgy |
Released
(2.0.0.12+0nobinonly+2-0ubuntu0.6.10)
|
|
feisty |
Released
(2.0.0.12+1nobinonly+2-0ubuntu0.7.4)
|
|
gutsy |
Released
(2.0.0.12+2nobinonly+2-0ubuntu0.7.10)
|
|
hardy |
Released
(2.0.0.12+2nobinonly+2-0ubuntu3)
|
|
intrepid |
Does not exist
|
|
upstream |
Released
(2.0.0.12)
|
|
icedove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
iceweasel Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(1.1.9+nobinonly-0ubuntu1)
|
|
intrepid |
Released
(1.1.9+nobinonly-0ubuntu1)
|
|
upstream |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Not vulnerable
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
upstream |
Not vulnerable
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Ignored
(end of life, was needs-triage)
|
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
hardy |
Released
(1.8.1.13+nobinonly-0ubuntu1)
|
|
intrepid |
Released
(1.8.1.13+nobinonly-0ubuntu1)
|
|
upstream |
Released
(1.8.1.13)
|