Closed Bug 786149 Opened 12 years ago Closed 12 years ago

Universal XSS using utf-16be content with utf-16le header

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla19

People

(Reporter: emk, Unassigned)

References

Details

Attachments

(1 file)

Testcase 12 years ago Masatoshi Kimura [:emk] 96 bytes, text/html;charset=utf-16le		Details

Masatoshi Kimura [:emk]

Reporter

Description

•

12 years ago

Attached file Testcase — Details

Only Firefox is vulnerable atm.

Masatoshi Kimura [:emk]

Reporter

Updated

•

12 years ago

Attachment #655865 - Attachment description: text/html;charset=utf-16le → Testcase

Attachment #655865 - Attachment mime type: text/html → text/html;charset=utf-16le

Masatoshi Kimura [:emk]

Reporter

Comment 1

•

12 years ago

Maybe we also need to implement "BOM trumps everything" rule per Encoding spec before fixing this.

Depends on: 716579

Masatoshi Kimura [:emk]

Reporter

Comment 2

•

12 years ago

Fixed by bug 716579.

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Masatoshi Kimura [:emk]

Reporter

Updated

•

12 years ago

Target Milestone: --- → mozilla19

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Universal XSS using utf-16be content with utf-16le header

Categories

(Core :: Internationalization, defect)

Tracking

()

People

(Reporter: emk, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Updated

Attachment

General

Description

File Name

Content Type