Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) βzero-length non-ASCII sequencesβ in certain Asian character sets.
jvn.jp/en/jp/JVN21563357/index.html
jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000021.html
secunia.com/advisories/28839
secunia.com/advisories/28864
secunia.com/advisories/28865
secunia.com/advisories/28879
secunia.com/advisories/29541
secunia.com/advisories/30327
secunia.com/advisories/30620
secunia.com/advisories/31043
sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1
www.debian.org/security/2008/dsa-1484
www.debian.org/security/2008/dsa-1485
www.debian.org/security/2008/dsa-1489
www.gentoo.org/security/en/glsa/glsa-200805-18.xml
www.mozilla.org/security/announce/2008/mfsa2008-13.html
www.securityfocus.com/bid/29303
www.turbolinux.com/security/2008/TLSA-2008-9.txt
www.ubuntu.com/usn/usn-592-1
www.us-cert.gov/cas/techalerts/TA08-087A.html
www.vupen.com/english/advisories/2008/1793/references
www.vupen.com/english/advisories/2008/2091/references
bugzilla.mozilla.org/buglist.cgi?bug_id=404252%2C381412%2C407161
exchange.xforce.ibmcloud.com/vulnerabilities/40488
usn.ubuntu.com/576-1/