QwikSec

Security Database

CVE

CWE

Training

CVE-2009-5017

Published: Nov 12, 2010

Modified: Sep 16, 2024

PUBLISHED

Description

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=511859

x_refsource_CONFIRM

https://bugzilla.mozilla.org/show_bug.cgi?id=522634

x_refsource_CONFIRM

http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html

x_refsource_MISC

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.