The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2007-02-27T02:00:00
Updated: 2018-10-16T14:57:01
Reserved: 2007-02-16T00:00:00
Link: CVE-2007-0996
JSON object: View
NVD Information
Status : Modified
Published: 2007-02-27T02:28:00.000
Modified: 2018-10-16T16:36:07.157
Link: CVE-2007-0996
JSON object: View
Redhat Information
No data.
CWE