CVE-2009-3012
Published Aug 31, 2009
Last updated 15 years ago
Overview
- Description
- Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "667FC0BC-C1AD-46CD-BBB2-A7E58E644FA7",
"versionEndIncluding": "3.0.13"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20139741-10B1-4E4B-8D5F-A715042049C4"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52624B41-AB34-40AD-8709-D9646B618AB0"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "917E9856-9556-4FD6-A834-858F8837A6B4"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "98BBD74D-930C-4D80-A91B-0D61347BAA63"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAF2E696-883D-4DE5-8B79-D8E5D9470253"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94E04FD9-38E8-462D-82C2-729F7F7F0465"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5888517E-3C57-4A0A-9895-EA4BCB0A0ED5"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BB21291-B9F3-445E-A9E9-EA1822083DD3"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76CD3BDF-A079-4EF3-ABDE-43CBDD08DB1F"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C100B62E-9199-4983-AFC2-EBC55AF230BE"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C5C2EED-CA12-416C-8695-18DD215B0351"
}
],
"operator": "OR"
}
]
}
]