Summary
Mozilla Firefox is installed on the host and is prone to a security bypass vulnerability.
Impact
Successful exploitation will allow attackers to bypass cross-site scripting protection mechanisms via a crafted string.
Impact Level: Application
Solution
Upgrade to Mozilla Firefox version 3.6 Beta 3 or later. For updates, refer to http://www.mozilla.com/en-US/firefox/upgrade.html
Insight
The flaw is due to improper validation of overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting protection mechanisms via a crafted string.
Affected
Mozilla Firefox versions prior to 3.6 Beta 3.
Severity
Classification
CVE: CVE-2009-5017
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N