3 matches found
Ubuntu 6.06 LTS : firefox vulnerabilities (USN-717-3)
Kojima Hajime discovered that Firefox did not properly handle an escaped null character. An attacker may be able to exploit this flaw to bypass script sanitization. CVE-2008-5510 Wladimir Palant discovered that Firefox did not restrict access to cookies in HTTP response headers. If a user were...
Mozilla Foundation Security Advisory 2008-67
Mozilla Foundation Security Advisory 2008-67 Title: Escaped null characters ignored by CSS parser Impact: Low Announced: December 16, 2008 Reporter: Kojima Hajime Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description...
Escaped null characters ignored by CSS parser — Mozilla
Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web application...