Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome

---

• From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
• Date: Fri, 3 Jul 2009 01:21:57 +0300

---

Hello SecurityFocus!

I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla,
Internet Explorer, Opera and Chrome. I wrote about it at my site this Monday
(29.06.2009) and also informed corresponding browsers developers about this
vulnerability.

At 21.04.2009 there was fixed vulnerability in Firefox 3.0.9
(http://www.mozilla.org/security/announce/2009/mfsa2009-22.html), which
allowed to conduct XSS attacks via Refresh header. And as I checked, this
attack is also working in Mozilla, IE6, Opera and Chrome.

XSS:

With request to script at web site:

http://site/script.php?param=javascript:alert(document.cookie)

Which returns in answer the refresh header:

refresh: 0; URL=javascript:alert(document.cookie)

The code will work in context of this site.

Vulnerable version is Mozilla 1.7.x and previous versions.

Vulnerable version is Mozilla Firefox 3.0.8 and previous versions.

Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
versions. And potentially next versions (IE7 and IE8).

Vulnerable version is Opera 9.52 and previous versions (and potentially next
versions too).

Vulnerable version is Google Chrome 1.0.154.48 and previous versions (and
potentially next versions too).

I mentioned about this vulnerability at my site (http://websecurity.com.ua/3275/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


!DSPAM:4a4d326b156009547910959!

---

• Follow-Ups:
  • Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
    • From: Michal Zalewski

• Prev by Date: One Click Ownage [White Paper and Scripts]
• Next by Date: [SECURITY] [DSA 1825-1] New nagios2/nagios3 packages fix arbitrary code execution
• Previous by thread: One Click Ownage [White Paper and Scripts]
• Next by thread: Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome
• Index(es):
  • Date
  • Thread

---

Relevant Pages US-CERT Technical Cyber Security Alert TA06-107A -- Mozilla Products Contain Multipl ... Mozilla Products Contain Multiple Vulnerabilities ... VU#932734 - Mozilla crypto.generateCRMFRequestvulnerability ... US-CERT Vulnerability Note VU#932734 - ... (comp.security.announce) US-CERT Technical Cyber Security Alert TA06-107A -- Mozilla Products Contain Multipl ... Mozilla Products Contain Multiple Vulnerabilities ... VU#932734 - Mozilla crypto.generateCRMFRequestvulnerability ... US-CERT Vulnerability Note VU#932734 - ... (Cert) Multiple vulnerabilities in Mozilla products ... Multiple vulnerabilities in Mozilla products ... execute arbitrary code on an affected system. ... Mozilla Mail contains a stack overflow vulnerability in the display ... A vulnerability affecting Mozilla web browsers may allow violation of ... (microsoft.public.windowsxp.general) Re: Mozilla/Firefox/Thuderbird CERT Advisory ... > Multiple vulnerabilities in Mozilla products ... > execute arbitrary code on an affected system. ... > Mozilla Mail contains a stack overflow vulnerability in the display ... > remote attacker may be able to execute arbitrary code on the victim's ... (linux.redhat) Two Vulnerabilities in Mozilla may lead to remote compromise ... Two Vulnerabilities in Mozilla may lead to remote compromise. ... The first vulnerability affects firefox, and may affect mozilla as well. ... the attacker will be able to compromise the victim's system. ... byte bug, he/she can cause mozilla to show the contents of one of the cache files as an html file, ... (Bugtraq)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)