Mozilla Firefox 2.0.0.14, and other versions prior to 2.0.0.17, allows remote malicious users to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 2.0.0.14 |
||
mozilla firefox 2.0.0.15 |
||
mozilla firefox 2.0.0.16 |