CVE-2006-2783
Mozilla Firefox < 1.5.0.3 - XSS
Title source: ruleDescription
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.
Scores
EPSS: 0.0498
EPSS Percentile: 89.5%
Classification
CWE: CWE-79
Status: draft
Affected Products (2)
mozilla/firefox: < 1.5.0.3
mozilla/thunderbird: < 1.5.0.3
Timeline
Published: Jun 02, 2006
Tracked Since: Feb 18, 2026