Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Escaped null characters ignored by CSS parser

Related Vulnerabilities: CVE-2008-5510  

Source

Mozilla Foundation Security Advisory 2008-67

Escaped null characters ignored by CSS parser

Announced
December 16, 2008
Reporter
Kojima Hajime
Impact
Low
Products
Firefox, SeaMonkey, Thunderbird
Fixed in
  • Firefox 2.0.0.19
  • Firefox 3.0.5
  • SeaMonkey 1.1.14
  • Thunderbird 2.0.0.19

Description

Kojima Hajime reported that unlike literal null characters which were handled correctly, the escaped form '\0' was ignored by the CSS parser and treated as if it was not present in the CSS input string. This issue could potentially be used to bypass script sanitization routines in web applications. The severity of this issue was determined to be low.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started