CVE-2006-2783
Published: 2 June 2006
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.0.13-0ubuntu0.6.06)
|
| edgy |
Released
(1.5.0.13-0ubuntu0.6.10)
|
|
| feisty |
Released
(1.5.0.13-0ubuntu0.7.04)
|
|
| upstream |
Needs triage
|
|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Released
(1.5.dfsg+1.5.0.13~prepatch070731-0ubuntu1)
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
firefox-granparadiso Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
midbrowser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Released
(1.8.0.5-4.2)
|
|
| feisty |
Released
(1.8.0.5-4.2)
|
|
| upstream |
Needs triage
|
|
|
lightning-sunbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| edgy |
Does not exist
|
|
| feisty |
Does not exist
|
|
| upstream |
Needs triage
|
References
- https://ubuntu.com/security/notices/USN-296-1
- https://ubuntu.com/security/notices/USN-296-2
- https://ubuntu.com/security/notices/USN-297-1
- https://ubuntu.com/security/notices/USN-297-3
- https://ubuntu.com/security/notices/USN-323-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783
- NVD
- Launchpad
- Debian