• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Mozilla Firefox/Thunderbird/SeaMonkey Character Encoding Cross-Site Scripting Vulnerabilities

Mozilla Firefox, Thunderbird, and SeaMonkey are prone to multiple cross-site scripting vulnerabilities because of a design error. The HTML parser used by these applications fails to properly handle certain character encodings.

An attacker can exploit these issues to execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.