Vulnerability CVE-2009-3010


Published: 2009-08-31   Modified: 2012-02-13

Description:
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Mozilla
Product: Firefox 
Version:
3.7
3.6
3.5
3.0beta5
3.0.9
3.0.8
3.0.7
3.0.6
3.0.5
3.0.4
3.0.3
3.0.2
3.0.13
3.0.12
3.0.11
3.0.10
3.0.1
3.0
2.0_8
2.0_.9
2.0_.7
2.0_.6
2.0_.5
2.0_.4
2.0_.10
2.0_.1
2.0.0.9
2.0.0.8
2.0.0.7
2.0.0.6
2.0.0.5
2.0.0.4
2.0.0.3
2.0.0.21
2.0.0.20
2.0.0.2
2.0.0.19
2.0.0.18
2.0.0.17
2.0.0.16
2.0.0.15
2.0.0.14
2.0.0.13
2.0.0.12
2.0.0.11
2.0.0.10
2.0.0.1
2.0
1.8
1.5.8
1.5.7
1.5.6
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.5.0.9
1.5.0.8
1.5.0.7
1.5.0.6
1.5.0.5
1.5.0.4
1.5.0.3
1.5.0.2
1.5.0.12
1.5.0.11
1.5.0.10
1.5.0.1
1.5
1.4.1
1.0.8
1.0.7
1.0.6
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0
0.9_rc
0.9.3
0.9.2
0.9.1
0.9
See more versions on NVD
Product: Mozilla 
Version:
1.8
1.7.9
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.12
1.7.11
1.7.10
1.7.1
1.7
See more versions on NVD
Product: Seamonkey 
Version: 1.1.17;

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://xforce.iss.net/xforce/xfdb/52999
http://websecurity.com.ua/3386/
http://websecurity.com.ua/3315/

Related CVE
CVE-2018-5188
Memory safety bugs present in Firefox 60, Firefox ESR 60, and Firefox ESR 52.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerabi...
CVE-2018-5187
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunde...
CVE-2018-5186
Memory safety bugs present in Firefox 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 61.
CVE-2018-5156
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects...
CVE-2018-12387
A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as pa...
CVE-2018-12386
A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR...
CVE-2018-12385
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to w...
CVE-2018-12383
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format star...

Copyright 2018, cxsecurity.com

 

Back to Top