CVE-2009-5017
12.11.2010, 22:00
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 ≤ 3.6 |
| mozilla | firefox | 3.6:beta1 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||||||||||||
| firefox-3.0 |
| ||||||||||||||||||||||
| firefox-3.5 |
| ||||||||||||||||||||||
| seamonkey |
| ||||||||||||||||||||||
| thunderbird |
| ||||||||||||||||||||||
| xulrunner-1.9.2 |
|
References