XSS in Mozilla Firefox
CVE-2009-3014
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.010 (57.9th percentile) — read the EPSS interpretation.
Affected products
- Mozilla Firefox — versions 3.0.1, 3.0.2, 3.0.3
- Mozilla — versions 0.8, 0.9.2, 0.9.2.1
- Mozilla Seamonkey — versions 1.1.17
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (Exploit, x_refsource_MISC)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)