Vendor: Firefox, Thunderbird, SeaMonkey
By: SecurityFocus
CVSS: 8.8 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: Firefox, Thunderbird, SeaMonkey
Affected Version From: Firefox 2.0.0.14, Thunderbird 2.0.0.14, SeaMonkey 1.1.9
Affected Version To: Firefox 3.0.1, Thunderbird 2.0.0.14, SeaMonkey 1.1.9
Patch Exists: YES
Related CWE: CVE-2008-2798
CPE: o:mozilla:firefox
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008

Mozilla Foundation Multiple Security Advisories

An attacker can exploit this vulnerability by crafting a malicious URL and sending it to a user. When the user visits the URL, the malicious script will be executed in the context of the vulnerable website, allowing the attacker to access the user's cookies and other sensitive information.

Mitigation:

Users should avoid following unsolicited links from untrusted sources.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/34656/info

The Mozilla Foundation has released multiple security advisories specifying various vulnerabilities in Firefox, Thunderbird, and SeaMonkey.

Attackers can exploit these issues to bypass same-origin restrictions, obtain potentially sensitive information, and execute arbitrary script code with elevated privileges; other attacks are also possible. 

Given a request to a script on a web site:

http://www.example.com/script.php?param=javascript:alert(document.cookie)

The script answers with this Refresh header:

refresh: 0; URL=javascript:alert(document.cookie)
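
A server-side check for a redirect script like the one above, as an added example that is not part of the original advisory: it parses the parameter and builds a Refresh header only for http/https targets on an allowed host. The function name, the host allow-list and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not from the advisory): validate a user-supplied redirect
// target before reflecting it into a Refresh header.
// buildRefreshHeader, ALLOWED_HOSTS and the sample inputs are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);
const ALLOWED_HOSTS = new Set(["www.example.com"]); // assumption: same-site redirects only

function buildRefreshHeader(param, base = "http://www.example.com/") {
  if (typeof param !== "string") return null;
  // Reject control characters outright: CR/LF would split the header, and
  // browsers strip tab/newline inside URLs, so "java\tscript:" reads as "javascript:".
  if (/[\u0000-\u001f\u007f]/.test(param)) return null;
  let target;
  try {
    // WHATWG URL parser: lowercases the scheme and resolves relative paths.
    target = new URL(param.trim(), base);
  } catch {
    return null;
  }
  // javascript:, data:, vbscript: and any other non-web scheme stop here.
  if (!ALLOWED_SCHEMES.has(target.protocol)) return null;
  // Protocol-relative targets such as //other.host/ resolve off-site and stop here.
  if (!ALLOWED_HOSTS.has(target.hostname)) return null;
  // Emit the parsed, normalised URL, never the raw parameter.
  return `0; URL=${target.href}`;
}

// Constructed sample inputs; null means "send no Refresh header".
const samples = [
  "javascript:alert(document.cookie)",
  "JaVaScRiPt:alert(document.cookie)",
  "java\tscript:alert(document.cookie)",
  "//evil.example/x",
  "/account",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", buildRefreshHeader(s));
}
```

A caller that receives null should answer with an error page or a fixed default location instead of a Refresh header.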