New Search

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 inherit the default charset from the parent window which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

oval:org.mitre.oval:def:10086

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2 and SeaMonkey before 1.0.8 inherit the default charset from the parent window which allows remote attackers to conduct cross-site scripting (XSS) attacks as demonstrated using the UTF-7 character set.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • CentOS Linux 3
  • Oracle Linux 5
  • CentOS Linux 5
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 3
  • Oracle Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2007-0996
Product(s):