16.44.55 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome | |
I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome. I wrote about it at my site this Monday (29.06.2009) and also informed corresponding browsers developers about this vulnerability. At 21.04.2009 there was fixed vulnerability in Firefox 3.0.9 (http://www.mozilla.org/ allowed to conduct XSS attacks via Refresh header. And as I checked, this attack is also working in Mozilla, IE6, Opera and Chrome. XSS: With request to script at web site: http://site/script.php?param= Which returns in answer the refresh header: refresh: 0; URL=javascript:alert(document. The code will work in context of this site. Vulnerable version is Mozilla 1.7.x and previous versions. Vulnerable version is Mozilla Firefox 3.0.8 and previous versions. Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous versions. And potentially next versions (IE7 and IE8). Vulnerable version is Opera 9.52 and previous versions (and potentially next versions too). Vulnerable version is Google Chrome 1.0.154.48 and previous versions (and potentially next versions too). I mentioned about this vulnerability at my site (http://websecurity.com.ua/ | |
|
| |
| Total comments: 0 | |