Intrusion Prevention

Mozilla.Firefox.JavaScript.Html.Escaped.Surrogates.XSS

Description

This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in Mozilla Firefox.
The vulnerability is caused by an error when the HTML parser handles a specially crafted web page. It allows a remote attacker to bypass cross-site scripting (XSS) protection mechanisms and cause XSS attacks.

Affected Products

Mozilla Firefox 3.0.1 and previous versions
Mozilla Firefox 2.0.0.16 and previous versions

Impact

Security Bypass: Remote attackers can bypass security checking of vulnerable systems.

Recommended Actions

Update to the latest versions:
http://www.mozilla.com/firefox/

CVE References

CVE-2008-4066