CVE-2006-2783

Source
https://nvd.nist.gov/vuln/detail/CVE-2006-2783
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2006-2783.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2006-2783
Downstream
Published
2006-06-02T19:02:00Z
Modified
2025-08-09T20:01:27Z
Summary
[none]
Details

Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT.

References

Affected packages