Mozilla Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote malicious users to bypass content filters that use regular expressions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 2.0.0.1 |
||
mozilla seamonkey |
||
mozilla firefox 1.5.0.10 |
||
mozilla firefox 2.0 |