Hello Bugtraq!

I want to warn you about a Cross-Site Scripting vulnerability in Mozilla, Firefox, SeaMonkey, Orca Browser and Maxthon.

As I wrote about this vulnerability on my site
(http://websecurity.com.ua/3373/) on 30.07.2009, I found a vulnerability in
Mozilla and Firefox 3.0.12 (and later checked it in 3.0.13), which allows
bypassing the protection against execution of JavaScript code in location-header
redirectors (by redirecting to a javascript: URI).

In Firefox, on sites which use the response "302 Object moved" to a request to
a location-header redirector with JavaScript code set, the browser will
show the "Object Moved" page, where this code is in the link “here”. On
clicking it, the code will execute. I.e. it is a strictly social XSS.

XSS:

With a request to a script at the web site:

...
Views: 1008 | Added by: apeh1706 | Date: 02 September 2009 | Comments (0)

SEC Consult Security Advisory < 20090901-0 >
=======================================================================
             title: File disclosure vulnerability in JSFTemplating,
                    Mojarra Scales and GlassFish Application Server v3 Admin
                    console
          products: JSFTemplating (FileStreamer/PhaseListener component)
                    Mojarra Scales
                    GlassFish Application Server v3 Preview (Admin console)
 vulnerable version: JSFTemplating: all versions < v1.2.11
                    Mojarra Scales: all versions < v1.3.2 ...
Views: 862 | Added by: apeh1706 | Date: 02 September 2009 | Comments (0)
