Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon

2009.08.31
Credit: MustLive
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon.

As I wrote about this vulnerability at my site (http://websecurity.com.ua/3373/) at 30.07.2009, I found vulnerability in Mozilla and Firefox 3.0.12 (and later checked in 3.0.13). Which allows to bypass protection from executing of JavaScript code in location-header redirectors (by redirecting to javascript: URI).

In Firefox at the sites, which use answer "302 Object moved" at request to location-header redirector with setting of JavaScript code, the browser will show "Object Moved" page, where there is this code in the link "here". At click on which the code will execute. I.e. it is Strictly social XSS.

XSS:

With request to script at web site:

http://site/script.php?param=javascript:alert(document.cookie)

Which returns in answer the Location header:

HTTP/1.x 302 Object moved
Location: javascript:alert%28document.cookie%29

The browser will show "Object Moved" page. At click on the link "here" the code will execute in context of this site.

Vulnerable versions are Mozilla 1.7.x and previous versions.

Vulnerable versions are Firefox 3.0.13 and previous versions (and 3.5.x should be also vulnerable).

As I wrote in my article Cross-Site Scripting attacks via redirectors (http://websecurity.com.ua/3386/), later I found that this vulnerability also exists in browsers SeaMonkey 1.1.17, Firefox 3.6 a1 pre, Firefox 3.7 a1 pre, Orca Browser 1.2 build 5 and Maxthon 3 Alpha (3.0.0.145) with Ultramode.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
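
A server-side check for the location-header redirector described above, added here as an example and not part of the original advisory. It validates the redirect parameter before it reaches the Location header or the "Object Moved" body; the function names, the allowlisted hosts and the fallback path are assumptions.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"site.example", "www.site.example"}  # assumed allowlist
FALLBACK = "/"                                        # assumed safe landing page


def safe_redirect_target(param: str) -> str:
    """Return a value that is safe to emit in a Location header, else FALLBACK."""
    # Browsers ignore tab/CR/LF inside a URL before parsing the scheme, so
    # "java\tscript:" is still javascript:. Reject any control character
    # outright; this also blocks CR/LF header injection.
    if not param or any(ord(c) < 0x20 or ord(c) == 0x7F for c in param):
        return FALLBACK
    candidate = param.strip()
    # Some browsers treat "\" like "/", which turns "/\host" into "//host".
    if "\\" in candidate:
        return FALLBACK
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return FALLBACK
    if parts.scheme:
        # Allowlist, not denylist: javascript:, data:, vbscript: all fail here.
        if parts.scheme.lower() not in ALLOWED_SCHEMES:
            return FALLBACK
        if (parts.hostname or "") not in ALLOWED_HOSTS:
            return FALLBACK
        return candidate
    # No scheme: accept only a local absolute path, never "//host/...".
    if parts.netloc or not candidate.startswith("/") or candidate.startswith("//"):
        return FALLBACK
    return candidate


def redirect_response(param: str):
    """Build the status line and headers for the redirector's answer."""
    return "302 Found", [("Location", safe_redirect_target(param))]


if __name__ == "__main__":
    # Constructed sample inputs, including the payload from the advisory.
    for p in ("javascript:alert(document.cookie)", "JaVaScRiPt:alert%28document.cookie%29",
              "java\tscript:alert(1)", "//evil.example/x", "/account?tab=1",
              "https://site.example/welcome"):
        print(repr(p), "->", redirect_response(p))
```

Any link to the target placed in the response body has to use the same validated value, since the advisory's vector is the "here" link rather than the header itself.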

References:

http://www.securityfocus.com/archive/1/archive/1/506163/100/0/threaded
http://websecurity.com.ua/3386/

