Lucene search
Olli PettayEDB-ID:32942HistoryApr 22, 2009 - 12:00 a.m.
Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting
2009-04-2200:00:00
Olli Pettay
www.exploit-db.com
10
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/34656/info
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.
Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.
With request to script at web site:
http://www.example.com/script.php?param=javascript:alert(document.cookie)
Which returns in answer the refresh header:
refresh: 0; URL=javascript:alert(document.cookie)Related
mozilla
mozilla
Firefox allows Refresh header to redirect to javascript: URIs — Mozilla
2009-04-21 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-22
2009-04-23 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-04-28 00:00:00
prion
prion
Cross site scripting
2009-04-22 18:30:00
Cross site scripting
2009-07-07 23:30:00
Cross site scripting
2009-07-07 23:30:00
veracode
veracode
Phishing Attacks
2020-04-10 00:33:08
nvd
nvd
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2009-1312
2009-04-22 00:00:00
cve
cve
debiancve
debiancve
CVE-2009-2352
2009-07-07 23:30:00
openvas
openvas
CentOS Security Advisory CESA-2009:0437 (seamonkey)
2009-05-25 00:00:00
CentOS Update for seamonkey CESA-2009:0437-02 centos2 i386
2011-08-09 00:00:00
CentOS Security Advisory CESA-2009:0437-02 (seamonkey)
2009-04-28 00:00:00
redhat
redhat
(RHSA-2009:0437) Critical: seamonkey security update
2009-04-21 00:00:00
(RHSA-2009:0436) Critical: firefox security update
2009-04-21 00:00:00
nessus
nessus
RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0437)
2009-04-22 00:00:00
Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0437)
2013-07-12 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-04-21 00:00:00
firefox security update
2009-04-22 00:00:00
centos
centos
seamonkey security update
2009-04-22 19:48:58
seamonkey security update
2009-04-24 05:51:23
firefox, xulrunner security update
2009-04-23 11:19:15
debian
debian
[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
2009-05-09 13:00:16
osv
osv
xulrunner - several vulnerabilities
2009-05-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-04-21 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: mozvoikko-0.9.5-9.fc9
2009-04-22 20:27:04
[SECURITY] Fedora 10 Update: yelp-2.24.0-8.fc10
2009-04-24 19:52:12
[SECURITY] Fedora 9 Update: epiphany-extensions-2.22.1-10.fc9
2009-04-22 20:27:04
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-04-23 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00