Mozilla Thunderbird/SeaMonkey/Firefox Multiple Remote Vulnerabilities

Some of the vulnerabilities described in this BID do not require exploits.

Proof-of-concept exploits are available in the Mozilla Bugzilla database, but are not currently available to the general public.

Update: It has been revealed that Firefox 2.0.0.10 is still vulnerable to the issue outlined in MFSA 2007-02. Pages followed through 'href' links and embedded iframes inherit the character set of parent pages when a user has manually set the browser charset.

A proof of concept is available at the following URI.

http://www.maths.usyd.edu.au/u/psz/ff-utf7-uxss.html


 

Privacy Statement
Copyright 2010, SecurityFocus