[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Mozilla Products: Character encoding cross-origin XSS attack - mfsa2013-106

ID: oval:org.secpod.oval:def:16240Date: (C)2013-12-20   (M)2023-12-07
Class: PATCHFamily: macos




Security researcher Masato Kinugawa discovered that if a web page is missing character set encoding information it can inherit character encoding across navigation into another domain from an earlier site. Only same-origin inheritance is allowed according to the HTML5 specification. This issue allows an attacker to add content that will be interpreted one way on the victim site, but which may then behave differently, evading cross-site scripting(XSS) filtering, when forced into an unexpected character set. Web site authors should always explicitly declare a character encoding to avoid similar issues.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.13
Apple Mac OS X 10.11
Apple Mac OS X 10.12
Product:
Mozilla SeaMonkey
Mozilla Firefox
Reference:
MFSA 2013-106
CVE-2013-5612
CVE    1
CVE-2013-5612
CPE    371
cpe:/a:mozilla:firefox:14.0
cpe:/a:mozilla:seamonkey:2.21:beta1
cpe:/a:mozilla:seamonkey:2.21:beta2
cpe:/a:mozilla:firefox:20.0.1
...

© SecPod Technologies