Description: intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
CVSS vector: AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9
Confidentiality: None
Availability: None
Affected Packages: 2 packages
Vulnerability Details (2)
  GHSA: GHSA-p83q-cg3p-77f9: Mozilla Firefox before 3 (2022-05-02)
  GHSA: GHSA-446p-4x7p-gxv7: intl/uconv/util/nsUnicodeDecodeHelper (2022-05-02)

Vendor Advisories (6; 1 more not shown)
  Ubuntu: Firefox and Xulrunner vulnerability (2010-07-26)
  Ubuntu: Firefox and Xulrunner vulnerabilities (2010-07-23)
  Ubuntu: ant, apturl, Epiphany, gluezilla, gnome-python-extras, liferea, mozvoikko, OpenJDK, packagekit, ubufox, webfav, yelp update (2010-07-23)
  Ubuntu: Firefox and Xulrunner vulnerabilities (2010-07-23)
  Red Hat: Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish (2010-07-20)

Community (2)
  Bugzilla: CVE-2009-5017 Firefox: overlong UTF-8 sequence detection problem (2010-11-23)
  Bugzilla: CVE-2010-1210 Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish (2010-07-16)