Mozilla Firefox XSS Vulnerability | Deprecated |
ID: oval:org.mitre.oval:def:6064 | Date: (C)2009-04-30 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Platform: |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |