CVE-2007-0996

Priority
Untriaged
Description
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2,
and SeaMonkey before 1.0.8 inherit the default charset from the parent
window, which allows remote attackers to conduct cross-site scripting (XSS)
attacks, as demonstrated using the UTF-7 character set.
References
http://www.ubuntu.com/usn/usn-428-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
Package
Source: midbrowser (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: lightning-sunbird (LP Ubuntu Debian)
Upstream:needs-triage
Package
Source: firefox (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:17:41 UTC (commit 5347)