Описание
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 18.0~b2+build1-0ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 17.0+build2-0ubuntu0.10.04.1 |
| oneiric | released | 17.0+build2-0ubuntu0.11.10.1 |
| precise | released | 17.0+build2-0ubuntu0.12.04.1 |
| quantal | released | 17.0+build2-0ubuntu0.12.10.1 |
| raring | not-affected | 18.0~b2+build1-0ubuntu1 |
| saucy | not-affected | 18.0~b2+build1-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 17.0+build2-0ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 17.0+build2-0ubuntu0.10.04.1 |
| oneiric | released | 17.0+build2-0ubuntu0.11.10.1 |
| precise | released | 17.0+build2-0ubuntu0.12.04.1 |
| quantal | released | 17.0+build2-0ubuntu0.12.10.1 |
| raring | not-affected | 17.0+build2-0ubuntu1 |
| saucy | not-affected | 17.0+build2-0ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
The HZ-GB-2312 character-set implementation in Mozilla Firefox before ...
The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document.
EPSS
4.3 Medium
CVSS2