Vulnerability Database

313,359

Total vulnerabilities in the database

CVE-2008-4066

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, aka "HTML escaped low surrogates bug."

  • Published: Sep 24, 2008
  • Updated: Nov 9, 2025
  • CVE: CVE-2008-4066
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
mozilla / firefox 2.0.0.16 2.0.0.16.x
mozilla / firefox 2.0.0.15 2.0.0.15.x
mozilla / firefox 2.0.0.14 2.0.0.14.x