The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the 0 escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | 2.0 (including) | 2.0.0.19 (excluding) |
Firefox | Mozilla | 3.0 (including) | 3.0.5 (excluding) |
Seamonkey | Mozilla | 1.0 (including) | 1.1.14 (excluding) |
Thunderbird | Mozilla | 2.0 (including) | 2.0.0.19 (excluding) |