CVE-2008-4065
Published: 24 September 2008
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.15~prepatch080614e-0ubuntu3)
|
feisty |
Released
(2.0.0.17+0nobinonly-0ubuntu0.7.4)
|
|
gutsy |
Released
(2.0.0.17+1nobinonly-0ubuntu0.7.10)
|
|
hardy |
Released
(2.0.0.17+1nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Released
(3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
|
|
maverick |
Released
(3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
|
|
natty |
Released
(3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
|
|
upstream |
Released
(2.0.0.17)
|
|
firefox-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(3.0.3+build1+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(3.0.3+build1+nobinonly-0ubuntu1)
|
|
jaunty |
Released
(3.0.3+build1+nobinonly-0ubuntu1)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(3.0.3)
|
|
iceape Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.6.06.1)
|
feisty |
Released
(1.5.0.13+1.5.0.15~prepatch080614g-0ubuntu0.7.04.1)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Released
(1.1.12+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.1.12+nobinonly-0ubuntu1)
|
|
jaunty |
Released
(1.1.12+nobinonly-0ubuntu1)
|
|
karmic |
Released
(1.1.12+nobinonly-0ubuntu1)
|
|
lucid |
Released
(1.1.12+nobinonly-0ubuntu1)
|
|
maverick |
Released
(1.1.12+nobinonly-0ubuntu1)
|
|
natty |
Released
(1.1.12+nobinonly-0ubuntu1)
|
|
upstream |
Released
(1.1.12)
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Released
(2.0.0.17+nobinonly-0ubuntu0.7.10.1)
|
|
hardy |
Released
(2.0.0.17+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(2.0.0.17+nobinonly-0ubuntu1)
|
|
jaunty |
Released
(2.0.0.17+nobinonly-0ubuntu1)
|
|
karmic |
Released
(2.0.0.17+nobinonly-0ubuntu1)
|
|
lucid |
Released
(2.0.0.17+nobinonly-0ubuntu1)
|
|
maverick |
Released
(2.0.0.17+nobinonly-0ubuntu1)
|
|
natty |
Released
(2.0.0.17+nobinonly-0ubuntu1)
|
|
upstream |
Released
(2.0.0.17)
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.7.10.1)
|
|
hardy |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.8.1.18+nobinonly.b308.cvs20090331t155113-0ubuntu0.8.10.1)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Does not exist
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(1.9.0.3+build1+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.3+build1+nobinonly-0ubuntu2)
|
|
jaunty |
Released
(1.9.0.3+build1+nobinonly-0ubuntu2)
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
upstream |
Released
(1.9.0.3)
|