CVE-2008-4065

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."

🔗 References (102)

• secalert@redhathttp://download.novell.com/Download?buildid=WZXONb-tqBw~
• secalert@redhathttp://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html
• secalert@redhathttp://secunia.com/advisories/31984
• secalert@redhathttp://secunia.com/advisories/31985
• secalert@redhathttp://secunia.com/advisories/31987
• secalert@redhathttp://secunia.com/advisories/32007
• secalert@redhathttp://secunia.com/advisories/32010
• secalert@redhathttp://secunia.com/advisories/32011
• secalert@redhathttp://secunia.com/advisories/32012
• secalert@redhathttp://secunia.com/advisories/32025
• secalert@redhathttp://secunia.com/advisories/32042
• secalert@redhathttp://secunia.com/advisories/32044
• secalert@redhathttp://secunia.com/advisories/32082
• secalert@redhathttp://secunia.com/advisories/32089
• secalert@redhathttp://secunia.com/advisories/32092