[Japanese]
|
JVNDB-2008-000021
|
Mozilla Firefox cross-site scripting vulnerability
|
Mozilla Firefox web browser contains a cross-site scripting vulnerability.
Mozilla Firefox does not properly handle certain HTML documents in Shift_JIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard.
|
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
mozilla.org contributors
- Mozilla Firefox prior to 2.0.0.12
Sun Microsystems, Inc.
- OpenSolaris (sparc)
- OpenSolaris (x86)
- Sun Solaris 10 (sparc)
- Sun Solaris 10 (x86)
Turbolinux, Inc.
- Turbolinux FUJI
- Turbolinux Server 11
- Turbolinux Server 11 (x64)
- wizpy
Red Hat, Inc.
- Red Hat Enterprise Linux 5 (server)
- Red Hat Enterprise Linux 2.1 (as)
- Red Hat Enterprise Linux 3 (as)
- Red Hat Enterprise Linux 4 (as)
- Red Hat Enterprise Linux 2.1 (es)
- Red Hat Enterprise Linux 3 (es)
- Red Hat Enterprise Linux 4 (es)
- Red Hat Enterprise Linux 2.1 (ws)
- Red Hat Enterprise Linux 3 (ws)
- Red Hat Enterprise Linux 4 (ws)
- Red Hat Enterprise Linux Desktop 3.0
- Red Hat Enterprise Linux Desktop 4.0
- Red Hat Enterprise Linux Desktop 5.0 (client)
- Red Hat Linux Advanced Workstation 2.1
- RHEL Desktop Workstation 5 (client)
|
|
An arbitrary script may be executed on the user's web browser.
|
[Update the Software]
Update to the latest version according to the information provided by the vendor.
|
mozilla.org contributors
Sun Microsystems, Inc.
- Sun Alert Notification : 238492
- Sun Alert Notification : 239546
Turbolinux, Inc.
Red Hat, Inc.
|
- Cross-site Scripting(CWE-79) [NVD Evaluation]
|
- CVE-2008-0416
|
- JVN : JVN#21563357
- National Vulnerability Database (NVD) : CVE-2008-0416
- SecurityFocus : 29303
|
- [2008/05/21]
Web page published
[2008/06/23]
Affected Products : Added Sun Microsystems, Inc. (238492).
Vendor Information : Added Sun Microsystems, Inc. (238492).
[2008/07/29]
Vendor Information : Sun Microsystems, Inc (239546).
|