Lucene search
MitreCVELIST:CVE-2009-3012HistoryOct 03, 2022 - 4:23 p.m.
CVE-2009-3012
2022-10-0316:23:56
mitre
www.cve.org
mozilla firefox
xss
data: uris
location headers
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.
Related
openvas
openvas
Mozilla Firefox 'data:' URI XSS Vulnerability - Sep09 (Linux)
2009-09-07 00:00:00
Mozilla Firefox 'data:' URI XSS Vulnerability (Sep 2009) - Windows
2009-09-07 00:00:00
Mozilla Firefox 'data:' URI XSS Vulnerability - Sep09 (Windows)
2009-09-07 00:00:00
nvd
nvd
CVE-2009-3012
2009-08-31 16:30:06
cve
cve
CVE-2009-3012
2022-10-03 16:23:56
prion
prion
Cross site scripting
2009-08-31 16:30:00
ubuntucve
ubuntucve
CVE-2009-3012
2009-08-31 00:00:00