[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-5017Date: (C)2010-11-12   (M)2023-12-22


Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
https://bugzilla.mozilla.org/show_bug.cgi?id=511859
https://bugzilla.mozilla.org/show_bug.cgi?id=522634

CWE    1
CWE-79
OVAL    3
oval:org.secpod.oval:def:500402
oval:org.secpod.oval:def:201804
oval:org.secpod.oval:def:201957

© SecPod Technologies