Lucene search

K

Veracode Vulnerability DatabaseVERACODE:31845

HistoryAug 28, 2021 - 12:01 a.m.

Validation Bypass

2021-08-2800:01:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

15

mozilla

firefox

vulnerability

validation bypass

overlong utf-8 encoding

remote attackers

cross-site scripting

xss

protection mechanisms

crafted string

cve-2010-1210

software

EPSS

0.002

Percentile

55.8%

Mozilla Firefox is vulnerable to validaiton bypass. does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210.

References

hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0

mozilla.com/en-US/firefox/3.6.4/releasenotes/

mozilla.com/en-US/firefox/3.6/releasenotes/

mozilla.org/security/known-vulnerabilities/firefox35.html

sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html

www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.4

www.redhat.com/security/updates/classification/#critical

access.redhat.com/errata/RHSA-2010:0500

bugzilla.mozilla.org/show_bug.cgi?id=511859

bugzilla.mozilla.org/show_bug.cgi?id=522634

bugzilla.redhat.com/show_bug.cgi?id=656287

EPSS

0.002

Percentile

55.8%

Related for VERACODE:31845

cve2 prion2 ubuntucve2 cvelist2 nvd2 veracode1 securityvulns2 seebug1 mozilla1 openvas40 fedora9 nessus26 centos3 redhat3 oraclelinux3 freebsd1 ubuntu4 suse1 gentoo1