CVE-2006-2783
Publication date 2 June 2006
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 7.04 feisty | Not affected |
firefox | 6.10 edgy | Not affected |
firefox | 6.06 LTS dapper | Fixed 1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1 |
firefox-granparadiso | 7.04 feisty | Not in release |
firefox-granparadiso | 6.10 edgy | Not in release |
firefox-granparadiso | 6.06 LTS dapper | Not in release |
lightning-sunbird | 7.04 feisty | Not in release |
lightning-sunbird | 6.10 edgy | Not in release |
lightning-sunbird | 6.06 LTS dapper | Not in release |
midbrowser | 7.04 feisty | Not in release |
midbrowser | 6.10 edgy | Not in release |
midbrowser | 6.06 LTS dapper | Not in release |
mozilla-thunderbird | 7.04 feisty | Fixed 1.5.0.13-0ubuntu0.7.04 |
mozilla-thunderbird | 6.10 edgy | Fixed 1.5.0.13-0ubuntu0.6.10 |
mozilla-thunderbird | 6.06 LTS dapper | Fixed 1.5.0.13-0ubuntu0.6.06 |
xulrunner | 7.04 feisty | Fixed 1.8.0.5-4.2 |
xulrunner | 6.10 edgy | Fixed 1.8.0.5-4.2 |
xulrunner | 6.06 LTS dapper | Not in release |
References
Related Ubuntu Security Notices (USN)
- USN-323-1: mozilla vulnerabilities (26 July 2006)
- USN-297-1: Thunderbird vulnerabilities (14 June 2006)
- USN-297-3: Thunderbird vulnerabilities (26 July 2006)
- USN-296-2: Firefox vulnerabilities (25 July 2006)
- USN-296-1: firefox vulnerabilities (9 June 2006)