Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | 1.5 (including) | 1.5.0.9 (excluding) |
Firefox | Mozilla | 2.0 (including) | 2.0.0.1 (excluding) |
Seamonkey | Mozilla | * | 1.0.7 (excluding) |
Thunderbird | Mozilla | * | 1.5.0.9 (excluding) |