CVE-2009-5017
Description
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.
Impact
CVSS v2: 4.3 MEDIUM
Type
CWE-79
Attack Vector
CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
References
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0
http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html
https://bugzilla.mozilla.org/show_bug.cgi?id=511859
https://bugzilla.mozilla.org/show_bug.cgi?id=522634