logo
DATABASE RESOURCES PRICING ABOUT US

Multiple XSS vulnerabilities from character encoding — Mozilla

Description

WebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting (XSS) risks on sites which filtered input in accordance with the specification.


Affected Software


CPE Name Name Version
firefox 2.0.0.12
seamonkey 1.1.8
thunderbird 2.0.0.12

Related