CVE-2006-2783 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2006-2783
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2783

Description: Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26852 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-323-1 http://www.ubuntulinux.org/support/documentation/usn/usn-297-3 http://www.ubuntulinux.org/support/documentation/usn/usn-296-2 http://www.ubuntulinux.org/support/documentation/usn/usn-297-1 http://www.ubuntulinux.org/support/documentation/usn/usn-296-1 SUSE http://www.novell.com/linux/security/advisories/2006_35_mozilla.html ST 1016214 1016202 SAID Secunia Advisory: SA21607 Secunia Advisory: SA21532 Secunia Advisory: SA21324 Secunia Advisory: SA21336 Secunia Advisory: SA21270 Secunia Advisory: SA21269 Secunia Advisory: SA21210 Secunia Advisory: SA21188 Secunia Advisory: SA21178 Secunia Advisory: SA21176 Secunia Advisory: SA21183 Secunia Advisory: SA21134 Secunia Advisory: SA20709 Secunia Advisory: SA20561 Secunia Advisory: SA20382 Secunia Advisory: SA20376 Secunia Advisory: SA21631 Secunia Advisory: SA22065 Secunia Advisory: SA22066 Secunia Advisory: SA31074 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0594.html http://rhn.redhat.com/errata/RHSA-2006-0609.html http://www.redhat.com/support/errata/RHSA-2006-0611.html http://www.redhat.com/support/errata/RHSA-2006-0610.html http://www.redhat.com/support/errata/RHSA-2006-0578.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:145 http://www.mandriva.com/security/advisories?name=MDKSA-2006:146 http://www.mandriva.com/security/advisories?name=MDKSA-2006:143 HP http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded http://www.securityfocus.com/archive/1/archive/1/446658/100/200/threaded GENTOO http://www.gentoo.org/security/en/glsa/glsa-200606-21.xml http://www.gentoo.org/security/en/glsa/glsa-200606-12.xml DEBIAN http://www.debian.org/security/2006/dsa-1134 http://www.debian.org/security/2006/dsa-1120 http://www.debian.org/security/2006/dsa-1118 CONFIRM http://www.mozilla.org/security/announce/2006/mfsa2006-42.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/435795/100/0/threaded BID 18228 APPLE http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html

Return to the previous page.