AI Score: 9 High (Confidence: High)

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.003 Low (Percentile: 69.4%)

Security researchers David Huang and Collin Jackson of Carnegie Mellon University CyLab (Silicon Valley campus) reported that the type attribute of an tag can override the charset of a framed HTML document, even when the document is included across origins. A page could be constructed containing such an tag which sets the charset of the framed document to UTF-7. This could potentially allow an attacker to inject UTF-7 encoded JavaScript into a site, bypassing the site’s XSS filters, and then execute the code using the above technique.
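
The filter bypass described above depends on the site's filter reading the input as plain ASCII while the browser later decodes it as UTF-7. The following Python check is an added example, not code from the advisory or from Mozilla; the function names and the sample input are constructed for illustration. It flags UTF-7 shifted runs that decode to HTML metacharacters, which a filter looking only at literal characters would pass.

```python
import re

# Characters an HTML-context XSS filter normally looks for.
HTML_META = set("<>\"'&=()")

# A UTF-7 shifted run: '+', modified-base64 characters, optional closing '-'.
SHIFTED = re.compile(r"\+[A-Za-z0-9+/]+-?")


def naive_filter_allows(value: str) -> bool:
    """Hypothetical stand-in for a filter that inspects only literal characters."""
    return not any(ch in value for ch in "<>")


def utf7_hidden_meta(value: str) -> list:
    """Return (shifted_run, decoded_text) pairs that decode to HTML metacharacters."""
    findings = []
    for match in SHIFTED.finditer(value):
        run = match.group(0)
        try:
            decoded = run.encode("ascii").decode("utf-7")
        except UnicodeDecodeError:
            # Not a well-formed shifted run (for example "3+4"), so a UTF-7
            # decoder would not turn it into markup.
            continue
        if HTML_META & set(decoded):
            findings.append((run, decoded))
    return findings


# Constructed sample: angle brackets written as UTF-7 shifted runs.
SAMPLE = "q=+ADw-script+AD4-demo+ADw-/script+AD4-"

if __name__ == "__main__":
    print("naive filter allows sample:", naive_filter_allows(SAMPLE))
    for run, decoded in utf7_hidden_meta(SAMPLE):
        print(f"{run!r} decodes to {decoded!r}")
```

Ordinary uses of `+`, such as arithmetic or plus-addressed e-mail, either fail to decode as UTF-7 or decode to characters outside the metacharacter set, so they are not reported.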
CPE Name | Operator | Version |
---|---|---|
firefox | lt | 3.5.12 |
firefox | lt | 3.6.9 |
seamonkey | lt | 2.0.7 |
thunderbird | lt | 3.0.7 |
thunderbird | lt | 3.1.3 |