CVE-2008-5510 Information
Description
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 Thunderbird 2.x before 2.0.0.19 and SeaMonkey 1.x before 1.1.14 ignores the ‘\0’ escaped null character which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Reference
http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33408 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://secunia.com/advisories/35080 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-258748-1 http://www.debian.org/security/2009/dsa-1707 http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mandriva.com/security/advisories?name=MDVSA-2009:012 http://www.mozilla.org/security/announce/2008/mfsa2008-67.html http://www.redhat.com/support/errata/RHSA-2008-1036.html http://www.securityfocus.com/bid/32882 http://www.securitytracker.com/id?1021425 http://www.ubuntu.com/usn/usn-690-2 http://www.ubuntu.com/usn/usn-701-1 http://www.vupen.com/english/advisories/2009/0977 https://bugzilla.mozilla.org/show_bug.cgi?id=228856 https://exchange.xforce.ibmcloud.com/vulnerabilities/47415 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9662 https://usn.ubuntu.com/690-1/
Share on: