Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mozilla Firefox cross-site scripting vulnerability
Vulnerability Description
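Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting attacks via certain vectors. These vectors involve (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header.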
CVSS Information
N/A
Vulnerability Type
N/A