PT-2009-3844 · Mozilla+1 · Firefox+2

Mustlive · Published 2009-04-21 · Updated 2024-12-12 · CVE-2009-1312

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Mozilla Firefox versions prior to 3.0.9
SeaMonkey version 1.1.17
Mozilla Firefox version 3.6 a1 pre
Mozilla versions 1.7.x and earlier

Description

The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Refresh header or specifying the content of a Refresh header in HTTP responses, due to the failure to block javascript: URIs in Refresh headers.

Recommendations

For Mozilla Firefox versions prior to 3.0.9, update to version 3.0.9 or later.
For SeaMonkey version 1.1.17, update to a version later than 1.1.17.
For Mozilla Firefox version 3.6 a1 pre, update to a version later than 3.6 a1 pre.
For Mozilla versions 1.7.x and earlier, update to a version later than 1.7.x.


Related identifiers

CVE-2009-1312
DSA-1797-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:14572-1
RHSA-2009:0436
RHSA-2009:0437
RHSA-2009_0436
RHSA-2009_0437

Affected products

Firefox
Red Hat
Seamonkey