CVE-2009-3010

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.0.13 and earlier Mozilla Firefox version 3.5 Mozilla Firefox version 3.6 a1 pre Mozilla Firefox version 3.7 a1 pre SeaMonkey version 1.1.17 Mozilla versions 1.7.x and earlier

Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. In some product versions, the JavaScript executes outside of the context of the HTTP site.

Recommendations: For Mozilla Firefox versions 3.0.13 and earlier, update to a version later than 3.0.13 to resolve the issue. For Mozilla Firefox version 3.5, update to a version later than 3.5 to resolve the issue. For Mozilla Firefox version 3.6 a1 pre, update to a version later than 3.6 a1 pre to resolve the issue. For Mozilla Firefox version 3.7 a1 pre, update to a version later than 3.7 a1 pre to resolve the issue. For SeaMonkey version 1.1.17, update to a version later than 1.1.17 to resolve the issue. For Mozilla versions 1.7.x and earlier, update to a version later than 1.7.x to resolve the issue.