4.3

CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version <= 3.0.8
MozillaFirefox Version0.1
MozillaFirefox Version0.2
MozillaFirefox Version0.3
MozillaFirefox Version0.4
MozillaFirefox Version0.5
MozillaFirefox Version0.6
MozillaFirefox Version0.6.1
MozillaFirefox Version0.7
MozillaFirefox Version0.7.1
MozillaFirefox Version0.8
MozillaFirefox Version0.9
MozillaFirefox Version0.9 Updaterc
MozillaFirefox Version0.9.1
MozillaFirefox Version0.9.2
MozillaFirefox Version0.9.3
MozillaFirefox Version0.9_rc
MozillaFirefox Version0.10
MozillaFirefox Version0.10.1
MozillaFirefox Version1.0
MozillaFirefox Version1.0 Updatepreview_release
MozillaFirefox Version1.0.1
MozillaFirefox Version1.0.2
MozillaFirefox Version1.0.3
MozillaFirefox Version1.0.4
MozillaFirefox Version1.0.5
MozillaFirefox Version1.0.6
MozillaFirefox Version1.0.6 Editionlinux
MozillaFirefox Version1.0.7
MozillaFirefox Version1.0.8
MozillaFirefox Version1.5
MozillaFirefox Version1.5 Updatebeta1
MozillaFirefox Version1.5 Updatebeta2
MozillaFirefox Version1.5.0.1
MozillaFirefox Version1.5.0.2
MozillaFirefox Version1.5.0.3
MozillaFirefox Version1.5.0.4
MozillaFirefox Version1.5.0.5
MozillaFirefox Version1.5.0.6
MozillaFirefox Version1.5.0.7
MozillaFirefox Version1.5.0.8
MozillaFirefox Version1.5.0.9
MozillaFirefox Version1.5.0.10
MozillaFirefox Version1.5.0.11
MozillaFirefox Version1.5.0.12
MozillaFirefox Version1.5.1
MozillaFirefox Version1.5.2
MozillaFirefox Version1.5.3
MozillaFirefox Version1.5.4
MozillaFirefox Version1.5.5
MozillaFirefox Version1.5.6
MozillaFirefox Version1.5.7
MozillaFirefox Version1.5.8
MozillaFirefox Version1.8
MozillaFirefox Version2.0
MozillaFirefox Version2.0 Updatebeta_1
MozillaFirefox Version2.0 Updatebeta1
MozillaFirefox Version2.0 Updaterc2
MozillaFirefox Version2.0 Updaterc3
MozillaFirefox Version2.0.0.1
MozillaFirefox Version2.0.0.2
MozillaFirefox Version2.0.0.3
MozillaFirefox Version2.0.0.4
MozillaFirefox Version2.0.0.5
MozillaFirefox Version2.0.0.6
MozillaFirefox Version2.0.0.7
MozillaFirefox Version2.0.0.8
MozillaFirefox Version2.0.0.9
MozillaFirefox Version2.0.0.10
MozillaFirefox Version2.0.0.11
MozillaFirefox Version2.0.0.12
MozillaFirefox Version2.0.0.13
MozillaFirefox Version2.0.0.14
MozillaFirefox Version2.0.0.15
MozillaFirefox Version2.0.0.16
MozillaFirefox Version2.0.0.17
MozillaFirefox Version2.0.0.18
MozillaFirefox Version2.0.0.19
MozillaFirefox Version2.0.0.20
MozillaFirefox Version2.0.0.21
MozillaFirefox Version2.0_8
MozillaFirefox Version3.0
MozillaFirefox Version3.0 Updatealpha
MozillaFirefox Version3.0 Updatebeta2
MozillaFirefox Version3.0 Updatebeta5
MozillaFirefox Version3.0.1
MozillaFirefox Version3.0.2
MozillaFirefox Version3.0.3
MozillaFirefox Version3.0.4
MozillaFirefox Version3.0.5
MozillaFirefox Version3.0.6
MozillaFirefox Version3.0.7
MozillaFirefox Version3.0beta5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.57% 0.919
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/35065
http://rhn.redhat.com/errata/RHSA-2009-0437.html
http://secunia.com/advisories/34843
http://secunia.com/advisories/34844
http://secunia.com/advisories/34894
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.vupen.com/english/advisories/2009/1125
https://usn.ubuntu.com/764-1/
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://secunia.com/advisories/34758
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.securityfocus.com/bid/34656
http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/
http://websecurity.com.ua/3275/
http://websecurity.com.ua/3386/
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
Vendor Advisory
http://www.securityfocus.com/archive/1/504718/100/0/threaded
http://www.securityfocus.com/archive/1/504723/100/0/threaded
http://www.securitytracker.com/id?1022096
https://bugzilla.mozilla.org/show_bug.cgi?id=475636
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818