Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

Related Vulnerabilities: CVE-2012-0477  

Source

Mozilla Foundation Security Advisory 2012-29

Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues

Announced
April 24, 2012
Reporter
Masato Kinugawa
Impact
Moderate
Products
Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR
Fixed in
  • Firefox 12
  • Firefox ESR 10.0.4
  • SeaMonkey 2.9
  • Thunderbird 12
  • Thunderbird ESR 10.0.4

Description

Security researcher Masato Kinugawa found that during the decoding of ISO-2022-KR and ISO-2022-CN character sets, characters near 1024 bytes are treated incorrectly, either doubling or deleting bytes. On certain pages it might be possible for an attacker to pad the output of the page such that these errors fall in the right place to affect the structure of the page, allowing for cross-site script (XSS) injection.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started