Fluid Attacks Database

Description

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
rpm rhel5	totem	<0:2.16.7-7.el5	0:2.16.7-7.el5
rpm rhel5	esc	<0:1.1.0-12.el5	0:1.1.0-12.el5
rpm rhel5	xulrunner	<0:1.9.2.4-10.el5	0:1.9.2.4-10.el5
rpm rhel5	gnome-python2-extras	<0:2.14.2-7.el5	0:2.14.2-7.el5
rpm rhel5	devhelp	<0:0.12-21.el5	0:0.12-21.el5
rpm rhel5	yelp	<0:2.16.0-26.el5	0:2.16.0-26.el5
rpm rhel5	firefox	<0:3.6.4-8.el5	0:3.6.4-8.el5

Aliases

1. CVE-2009-50172. NVD-2009-50173. OSV-2009-5017

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.