RedhatCVELIST:CVE-2008-5510CVE-2008-5510
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the ‘\0’ escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
References
secunia.com/advisories/33184
secunia.com/advisories/33188
secunia.com/advisories/33203
secunia.com/advisories/33204
secunia.com/advisories/33205
secunia.com/advisories/33216
secunia.com/advisories/33231
secunia.com/advisories/33408
secunia.com/advisories/33523
secunia.com/advisories/34501
secunia.com/advisories/35080
sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1
www.debian.org/security/2009/dsa-1707
www.mandriva.com/security/advisories?name=MDVSA-2008:244
www.mandriva.com/security/advisories?name=MDVSA-2008:245
www.mandriva.com/security/advisories?name=MDVSA-2009:012
www.mozilla.org/security/announce/2008/mfsa2008-67.html
www.redhat.com/support/errata/RHSA-2008-1036.html
www.securityfocus.com/bid/32882
www.securitytracker.com/id?1021425
www.ubuntu.com/usn/usn-690-2
www.ubuntu.com/usn/usn-701-1
www.vupen.com/english/advisories/2009/0977
bugzilla.mozilla.org/show_bug.cgi?id=228856
exchange.xforce.ibmcloud.com/vulnerabilities/47415
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9662
usn.ubuntu.com/690-1/
Related
