CVE-2008-4066

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 2.0.0.14 through 2.0.0.17 libxul0d-dbg (affected versions not specified) libxul-dev (affected versions not specified) libsmjs1 (affected versions not specified) libmozjs0d-dbg (affected versions not specified) libmozjs0d (affected versions not specified) libxul0d (affected versions not specified) libnss3-0d-dbg (affected versions not specified) libsmjs-dev (affected versions not specified) libnss3-0d (affected versions not specified) libxul-common (affected versions not specified)

Description The issue allows remote attackers to bypass cross-site scripting protection mechanisms and conduct attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser. Multiple vulnerabilities in various Debian GNU/Linux packages may lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For Mozilla Firefox versions 2.0.0.14 through 2.0.0.17, update to version 2.0.0.17 or later. For libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.