Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Firefox allows Refresh header to redirect to javascript: URIs

Related Vulnerabilities: CVE-2009-1312  

Source

Mozilla Foundation Security Advisory 2009-22

Firefox allows Refresh header to redirect to javascript: URIs

Announced
April 21, 2009
Reporter
Michael
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 3.0.9

Description

Mozilla community member Michael reported that when a server responds with a Refresh header containing a javascript: URI, Firefox will redirect to the javascript: URI. If an attacker could inject a Refresh header into a server response, or could control the value that a site places in the Refresh header, they could use this vulnerability to perform an XSS attack and execute arbitrary JavaScript within the context of that site.

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started