{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2557?format=json","vulnerability_id":"VCID-tfrg-nmxp-hbgm","summary":"Masatoshi Kimura reports that the Unicode Byte-order-Mark (BOM) is\nstripped from UTF-8 pages during the conversion to Unicode before\nthe parser sees the web page. As a result the parser will see and\nprocess script tags that web input sanitizers may miss\nbecause they appear as \"scr[BOM]ipt\" or similar in the comment code\non the web site.\n\nAlthough Firefox 1.5.0.4 and later will be fixed and no longer\naccept such script tags, web sites will continue to be visited by\nolder versions of Firefox and Mozilla browsers. Web sites can protect\nthemselves by explicitly setting the character encoding to something other\nthan UTF-8, or by adding the Unicode byte-order marks to the repertoire\nof the site's input sanitizer.\n\nThunderbird shares the browser engine with Firefox\nand could be vulnerable if JavaScript were to be enabled in mail. This is not\nthe default setting and we strongly discourage users from running\nJavaScript in mail.","aliases":[{"alias":"CVE-2006-2783"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1100?format=json","purl":"pkg:mozilla/SeaMonkey@1.0.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@1.0.2"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783","reference_id":"CVE-2006-2783","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2783"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-42","reference_id":"mfsa2006-42","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2006-42"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrg-nmxp-hbgm"}
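A worked illustration of the sanitizer/parser mismatch the summary describes, added here as an example; it is not part of the VulnerableCode record, Mozilla's advisory, or any browser code. The attacker payload, the naive sanitizer and the "legacy decode" step are all constructed for the demonstration: `legacyFirefoxDecode` simulates the pre-1.5.0.4 behaviour of dropping every U+FEFF before parsing, and the two mitigations are the ones the advisory recommends (normalise byte-order marks in the sanitizer, or serve the page under a non-UTF-8 charset).

```javascript
// Added example, not from VulnerableCode or Mozilla. Models CVE-2006-2783 /
// MFSA 2006-42: a BOM inside a tag name defeats a sanitizer that matches
// "script" literally, because the browser strips the BOM before parsing.
const BOM = "\uFEFF"; // U+FEFF; encoded in UTF-8 as the bytes EF BB BF

// Constructed attacker input: the tag name is split by a BOM.
function buildPayload() {
  return `<p>hello</p><scr${BOM}ipt>alert(1)</scr${BOM}ipt>`;
}

// Naive sanitizer: rejects anything that looks like a <script> tag.
// It has no notion of BOMs, so "scr\uFEFFipt" is not recognised.
function naiveSanitizerAccepts(html) {
  return !/<\s*\/?\s*script\b/i.test(html);
}

// Simulation (assumption) of the vulnerable decode step: every BOM in the
// UTF-8 input is dropped during conversion to Unicode, so the split tag
// name is rejoined before the HTML parser sees it.
function legacyFirefoxDecode(utf8Bytes) {
  return Buffer.from(utf8Bytes).toString("utf8").split(BOM).join("");
}

// Minimal stand-in for the parser's view: is there a real <script> tag?
function parserSeesScript(html) {
  return /<script\b/i.test(html);
}

// Mitigation 1 (advisory): add byte-order marks to the sanitizer's
// repertoire. Normalise them away first so sanitizer and browser agree
// on what the tag name is, then apply the existing check.
function hardenedSanitizerAccepts(html) {
  const normalized = html.split(BOM).join("");
  return naiveSanitizerAccepts(normalized);
}

// Mitigation 2 (advisory): declare a charset other than UTF-8. Under
// ISO-8859-1 the bytes EF BB BF decode to three ordinary characters, so the
// tag name stays "scrï»¿ipt" and never becomes "script".
function latin1Decode(bytes) {
  return Buffer.from(bytes).toString("latin1");
}

// Runs the four checks over the constructed payload and returns the outcomes.
function demo() {
  const payload = buildPayload();
  const bytes = Buffer.from(payload, "utf8");
  return {
    naiveAccepts: naiveSanitizerAccepts(payload),                          // bypassed
    legacyParserSeesScript: parserSeesScript(legacyFirefoxDecode(bytes)),   // script runs
    hardenedAccepts: hardenedSanitizerAccepts(payload),                     // blocked
    latin1ParserSeesScript: parserSeesScript(latin1Decode(bytes)),          // tag never forms
  };
}

console.log(demo());
```

The hardened function only handles the one character this advisory is about; a real deployment should normalise input (including other zero-width and ignorable code points) before handing it to a proper HTML sanitizer rather than relying on a regex, and should also send an explicit `Content-Type` charset so the server and the browser decode the same bytes the same way.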