2 matches found
Mozilla Firefox 'data:' URI XSS Vulnerability (Sep 2009) - Linux
Mozilla Firefox is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2009-3012
The CVE-2009-3012 entry affects Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre. The vulnerability arises because Firefox does not properly block data: URIs in Location headers in HTTP responses, enabling remote XSS via two vectors: (1) a Location header containing a data:text...