CVE-2009-5017 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting5 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 62.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox

Timeline

PublishedNov 12

Latest updateMay 2

Description

Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.6+1

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-p83q-cg3p-77f9: Mozilla Firefox before 3↗2022-05-02

▶

📋Vendor Advisories

Red Hat

Firefox: overlong UTF-8 seqence detection problem↗2009-08-21

▶

💬Community

Bugzilla

CVE-2009-5017 Firefox: overlong UTF-8 seqence detection problem↗2010-11-23

▶

Bugzilla

CVE-2009-5017 Firefox: overlong UTF-8 seqence detection problem [fedora-12]↗2010-11-23

▶