VYPR
Unrated severityNVD Advisory· Published Sep 24, 2008· Updated Jun 16, 2026

CVE-2008-4066

CVE-2008-4066

Description

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
    • (no CPE)range: <2.0.0.17

Patches

Vulnerability mechanics

References

44

News mentions

0

No linked articles in our index yet.