The CSS parser in Mozilla Firefox 3.x prior to 3.0.5 and 2.x prior to 2.0.0.19, Thunderbird 2.x prior to 2.0.0.19, and SeaMonkey 1.x prior to 1.1.14 ignores the '\0' escaped null character, which might allow remote malicious users to bypass protection mechanisms such as sanitization routines.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
mozilla seamonkey |
||
mozilla thunderbird |
||
canonical ubuntu linux 8.10 |
||
canonical ubuntu linux 7.10 |
||
canonical ubuntu linux 8.04 |
||
debian debian linux 4.0 |
||
debian debian linux 5.0 |