| Revision Date: | 2014-03-17 | Version: | 21 |
| Title: | Mozilla Firefox and Seamonkey XSS Vulnerability |
| Description: | Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2009-1312
|
| Platform(s): | Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
| Product(s): | Mozilla Firefox
Mozilla Seamonkey
|
| Definition Synopsis |
| Check Mozilla Seamonkey version Mozilla Seamonkey is installed
AND Seamonkey version is less than or equal to 1.1.16
OR Check Mozilla Firefox version
Mozilla Firefox Mainline release is installed
AND Firefox version is less than or equal to 3.0.8
|