The child frames in Mozilla Firefox prior to 1.5.0.10 and 2.x prior to 2.0.0.2, and SeaMonkey prior to 1.0.8 inherit the default charset from the parent window, which allows remote malicious users to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 1.5.0.5 |
||
mozilla firefox 1.5.0.6 |
||
mozilla firefox 2.0.0.1 |
||
mozilla firefox 2.0 |
||
mozilla seamonkey 1.0.5 |
||
mozilla seamonkey 1.0.6 |
||
mozilla firefox 1.5.0.3 |
||
mozilla firefox 1.5.0.4 |
||
mozilla firefox 1.5 |
||
mozilla seamonkey 1.0.3 |
||
mozilla seamonkey 1.0.4 |
||
mozilla firefox 1.5.0.7 |
||
mozilla firefox 1.5.0.8 |
||
mozilla seamonkey 1.0 |
||
mozilla seamonkey 1.0.7 |
||
mozilla firefox 1.5.0.1 |
||
mozilla firefox 1.5.0.2 |
||
mozilla firefox 1.5.0.9 |
||
mozilla seamonkey 1.0.1 |
||
mozilla seamonkey 1.0.2 |