Mozilla Firefox 3.0.13 and previous versions, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and previous versions do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote malicious users to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.0.4 |
||
mozilla firefox 3.0.3 |
||
mozilla firefox 3.0.8 |
||
mozilla firefox 3.0.9 |
||
mozilla mozilla 0.9.48 |
||
mozilla mozilla 0.9.35 |
||
mozilla mozilla 1.0 |
||
mozilla mozilla 0.9.8 |
||
mozilla mozilla 1.2 |
||
mozilla mozilla 1.3 |
||
mozilla mozilla 1.4 |
||
mozilla mozilla 1.5 |
||
mozilla firefox 3.0.11 |
||
mozilla firefox 3.0.12 |
||
mozilla firefox 3.6 |
||
mozilla firefox 3.7 |
||
mozilla mozilla 0.8 |
||
mozilla mozilla 0.9.2.1 |
||
mozilla mozilla 0.9.7 |
||
mozilla mozilla 0.9.9 |
||
mozilla mozilla 1.1 |
||
mozilla mozilla 1.5.1 |
||
mozilla mozilla 1.4.1 |
||
mozilla mozilla 1.6 |
||
mozilla firefox 3.0.1 |
||
mozilla firefox 3.0.5 |
||
mozilla firefox |
||
mozilla firefox 3.5 |
||
mozilla mozilla 0.9.3 |
||
mozilla mozilla 0.9.4.1 |
||
mozilla mozilla 0.9.4 |
||
mozilla mozilla 0.9.6 |
||
mozilla mozilla 1.2.1 |
||
mozilla mozilla 1.3.1 |
||
mozilla mozilla 1.4.4 |
||
mozilla mozilla 1.4.2 |
||
mozilla firefox 3.0.10 |
||
mozilla firefox 3.0.6 |
||
mozilla firefox 3.0.2 |
||
mozilla firefox 3.0.7 |
||
mozilla seamonkey 1.1.17 |
||
mozilla mozilla 0.9.5 |
||
mozilla mozilla 0.9.2 |
||
mozilla mozilla 1.0.1 |
||
mozilla mozilla 1.0.2 |
||
mozilla mozilla |