Cross-Site Scripting vulnerabiliy in Firefox and Opera
I want to warn you about Cross-Site Scripting vulnerability in Firefox and
Opera, which I found at 13.07.2009 and published last month at my site.
This advisory related to my advisory about Cross-Site Scripting
vulnerability in Mozilla, Firefox and Chrome
(http://www.securityfocus.com/archive/1/504972/30/0/threaded), but if there
was attack via refresh-header redirectors, then this time attack is via
This Cross-Site Scripting vulnerability in browsers Firefox and Opera allows
lot of them in Internet, more then refresh-header redirectors).
With request to script at web site:
Which returns in answer the Location header and the code will execute in the
Vulnerable are Firefox 3.0.12 and Opera, but without access to cookies (the
same as in case of refresh-header redirectors), because code executed not in
context of original site. It can be used for fishing and executing of
Vulnerable version is Mozilla Firefox 3.0.12 and previous versions (and 3.5
should be also vulnerable).
Vulnerable version is Opera 9.52 and previous versions (and
potentially next versions too).
I mentioned about this vulnerability at my site
In my post about vulnerability at tinyurl.com
(http://websecurity.com.ua/3365/) I showed how this vulnerability in
browsers can be used for malware spreading via this redirecting service (and
other redirecting services in Internet).
Best wishes & regards,
Administrator of Websecurity web site