New Search

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 inherit the default charset from the parent window which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

oval:org.mitre.oval:def:10086

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 inherit the default charset from the parent window which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 3
  • Oracle Linux 4
  • Oracle Linux 5
  • Red Hat Enterprise Linux 3
  • Red Hat Enterprise Linux 4
  • CentOS Linux 4
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2007-0996
Product(s):