mozilla -- multiple vulnerabilities

The Mozilla Foundation reports: MFSA 2008-69 XSS vulnerabilities in SessionStore MFSA 2008-68 XSS and JavaScript privilege escalation MFSA 2008-67 Escaped null characters ignored by CSS parser MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters MFSA 2008-65 Cross-domai...

CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines...

Escaped null characters ignored by CSS parser — Mozilla

Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web application...

[Full-disclosure] -moz-binding CSS property: more XSS fun

Hm, I haven't seen this posted here ... Firefox now supports the -moz-binding CSS property, which associate XBL1 with an element. The same origin policy is not applied. This is a problem because XBL may contain JavaScript and it runs with full access to content. There is a bug report2 filed, but ...