Mozilla Foundation Security Advisory 2010-44

2010-07-24T00:00:00
ID SECURITYVULNS:DOC:24317
Type securityvulns
Reporter Securityvulns
Modified 2010-07-24T00:00:00

Description

Mozilla Foundation Security Advisory 2010-44

Title: Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish Impact: Moderate Announced: July 20, 2010 Reporter: O. Andersen Products: Firefox, Thunderbird

Fixed in: Firefox 3.6.7 Thunderbird 3.1.1 Description

Security researcher O. Andersen reported that undefined positions within various 8 bit character encodings are mapped to the sequence U+FFFD which when displayed causes the immediately following character to disappear from the text run. This could potentially contribute to XSS problems on sites which expected extra characters to be present within strings being sanitized on the server. References

* https://bugzilla.mozilla.org/show_bug.cgi?id=564679
* CVE-2010-1210