PT-2006-3702 · Mozilla+1 · Firefox+2

Masatoshi Kimura

Publicado

2006-06-02

Atualizado

2018-10-18

CVE-2006-2783

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 1.5.0.4 Mozilla Thunderbird versions prior to 1.5.0.4

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via a Unicode Byte-order-Mark (BOM) sequence in the middle of a dangerous tag such as SCRIPT. This occurs because the software strips the BOM from a UTF-8 page before it is passed to the parser.

Recommendations For Mozilla Firefox versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue. For Mozilla Thunderbird versions prior to 1.5.0.4, update to version 1.5.0.4 or later to resolve the issue.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2006-2783

DSA-1118

DSA-1120

DSA-1134-1

HPSBUX02153

RHSA-2006:0578

RHSA-2006:0609

RHSA-2006:0610

RHSA-2006:0611

RHSA-2006_0609

RHSA-2006_0610

RHSA-2006_0611

Produtos afetados

Firefox

Thunderbird

Red Hat

PT-2006-3702 · Mozilla+1 · Firefox+2

CVE-2006-2783

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 229