
Mozilla Foundation Security Advisory 2012-24

Title: Potential XSS via multibyte content processing errors
Impact: High
Announced: April 24, 2012
Reporter: Anne van Kesteren
Products: Firefox, Thunderbird, SeaMonkey

Fixed in: Firefox 12.0
  Firefox ESR 10.0.4
  Thunderbird 12.0
  Thunderbird ESR 10.0.4
  SeaMonkey 2.9

Description

Anne van Kesteren of Opera Software found a multi-octet encoding issue: in the processing of some multibyte character sets, certain octets destroy the octets that follow them. This can leave users vulnerable to cross-site scripting (XSS) attacks on maliciously crafted web pages.
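The following added example is not Mozilla's code and does not reproduce the affected decoders. It illustrates the bug class described above with a constructed toy double-byte charset, showing a decoder that swallows the octet after an invalid lead byte beside one that does not, plus a check that markup-significant ASCII bytes survive decoding. The byte ranges, function names and sample input are assumptions made for the illustration.

```javascript
// Constructed toy charset (an assumption, not a real encoding table):
//   0x00-0x7F  ASCII, one byte, always decodes to itself
//   0xA1-0xFE  lead byte, must be followed by a trail byte 0xA1-0xFE
const isLead = (b) => b >= 0xa1 && b <= 0xfe;
const isTrail = (b) => b >= 0xa1 && b <= 0xfe;

// consumeOnError = true models the flawed behaviour: an invalid sequence
// destroys the octet after the lead byte. false models the hardened decoder,
// which replaces only the lead byte and decodes the next octet on its own.
function decode(bytes, consumeOnError) {
  let out = "";
  for (let i = 0; i < bytes.length; i++) {
    const b = bytes[i];
    if (b < 0x80) { out += String.fromCharCode(b); continue; }
    if (!isLead(b)) { out += "\uFFFD"; continue; } // stray high byte
    const next = bytes[i + 1];
    if (next !== undefined && isTrail(next)) {
      out += "\u25A1"; // stand-in glyph for any valid pair (no mapping table here)
      i++;
      continue;
    }
    out += "\uFFFD";
    if (consumeOnError && next !== undefined) i++; // following octet is lost
  }
  return out;
}

// Defender's check: in this charset ASCII bytes are never part of a pair, so
// the sequence of markup-significant characters must be identical before and
// after decoding. A mismatch means the decoder changed the markup structure.
const MARKUP = new Set(["<", ">", '"', "'", "&"]);
const signature = (chars) => [...chars].filter((c) => MARKUP.has(c)).join("");

function markupBytesSurvive(bytes, decoded) {
  const ascii = Array.from(bytes, (b) => (b < 0x80 ? String.fromCharCode(b) : ""));
  return signature(ascii) === signature(decoded);
}

// Constructed sample: a=" <lead byte 0xC4> ">
const sample = Uint8Array.from([0x61, 0x3d, 0x22, 0xc4, 0x22, 0x3e]);

for (const flawed of [true, false]) {
  const text = decode(sample, flawed);
  console.log(flawed ? "flawed:  " : "hardened:", JSON.stringify(text),
    "markup preserved:", markupBytesSurvive(sample, text));
}
```

A page that was escaped or filtered as bytes is only safe if the decoder preserves every delimiter the filter saw, which is what the check tests.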
