CVE-2010-3770
Firefox < 3.5.16 and 3.6.x < 3.6.13 - Cross-Site Scripting via Character Encoding Conversion
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-3770. PoCs published by Yosuke Hasegawa.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Mozilla Firefox, SeaMonkey, and Thunderbird by using a malformed meta charset tag to execute arbitrary JavaScript. The PoC leverages the 'x-mac-farsi' charset to bypass sanitization and inject script code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Mozilla Firefox, SeaMonkey, and Thunderbird by using a malformed meta charset tag to execute arbitrary JavaScript. The PoC leverages the 'x-mac-farsi' charset to bypass sanitization and inject script code.