Severity: : Medium
  CVE Kennungen: : CVE-2008-4066
  Advisory Date: 21 de июля de 2015

  DESCRIPTION

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug."

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1002895
  Trend Micro Deep Security DPI Rule Name: 1002895 - Mozilla Firefox "HTML escaped low surrogates" XSS Attack

  AFFECTED SOFTWARE AND VERSION:

  • mozilla firefox 0.10
  • mozilla firefox 0.10.1
  • mozilla firefox 0.8
  • mozilla firefox 0.9
  • mozilla firefox 0.9.1
  • mozilla firefox 0.9.2
  • mozilla firefox 0.9.3
  • mozilla firefox 0.9_rc
  • mozilla firefox 1.0
  • mozilla firefox 1.0.1
  • mozilla firefox 1.0.2
  • mozilla firefox 1.0.3
  • mozilla firefox 1.0.4
  • mozilla firefox 1.0.5
  • mozilla firefox 1.0.6
  • mozilla firefox 1.0.7
  • mozilla firefox 1.0.8
  • mozilla firefox 1.5
  • mozilla firefox 1.5.0.1
  • mozilla firefox 1.5.0.10
  • mozilla firefox 1.5.0.11
  • mozilla firefox 1.5.0.12
  • mozilla firefox 1.5.0.2
  • mozilla firefox 1.5.0.3
  • mozilla firefox 1.5.0.4
  • mozilla firefox 1.5.0.5
  • mozilla firefox 1.5.0.6
  • mozilla firefox 1.5.0.7
  • mozilla firefox 1.5.0.8
  • mozilla firefox 1.5.0.9
  • mozilla firefox 1.5.1
  • mozilla firefox 1.5.2
  • mozilla firefox 1.5.3
  • mozilla firefox 1.5.4
  • mozilla firefox 1.5.5
  • mozilla firefox 1.5.6
  • mozilla firefox 1.5.7
  • mozilla firefox 1.5.8
  • mozilla firefox 1.8
  • mozilla firefox 2.0
  • mozilla firefox 2.0.0.1
  • mozilla firefox 2.0.0.10
  • mozilla firefox 2.0.0.11
  • mozilla firefox 2.0.0.12
  • mozilla firefox 2.0.0.13
  • mozilla firefox 2.0.0.14
  • mozilla firefox 2.0.0.15
  • mozilla firefox 2.0.0.16
  • mozilla firefox 2.0.0.17
  • mozilla firefox 2.0.0.2
  • mozilla firefox 2.0.0.3
  • mozilla firefox 2.0.0.4
  • mozilla firefox 2.0.0.5
  • mozilla firefox 2.0.0.6
  • mozilla firefox 2.0.0.7
  • Mozilla Firefox 2.0_.5
  • Mozilla Firefox 2.0_.4
  • Mozilla Firefox 2.0_.10
  • Mozilla Firefox 2.0_.1
  • Mozilla Firefox 2.0.0.9
  • Mozilla Firefox 2.0.0.8