- Description
- Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-79
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7",
"versionEndIncluding": "3.0.13"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.6:a1_prerelease:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5CA287A-0263-4F6A-B685-E243D42FCFFC"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.7:a1_prerelease:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCCEA654-2A7F-4950-9FC3-015E2E4582B5"
},
{
"criteria": "cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA9F1412-B29B-4D13-AEEA-4AF7B12260D0",
"versionEndIncluding": "1.7.12"
},
{
"criteria": "cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AAB559BD-4BF7-417F-962F-B8971FF1614B"
}
],
"operator": "OR"
}
]
}
]