2008-12-17 23:00:00
redhat
PUBLISHED
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the 0 escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.