Back to search
CVE-2009-3014
Published: Aug 31, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://websecurity.com.ua/3373/
x_refsource_MISC
http://websecurity.com.ua/3386/
x_refsource_MISC
firefox-seamonkey-javascript-xss(52995)
vdb-entry
x_refsource_XF
20090828 Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now