New Search

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 inherit the default charset from the parent window which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

oval:org.mitre.oval:def:10086

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 inherit the default charset from the parent window which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 3
  • Oracle Linux 5
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2007-0996
Product(s):