CVE-2009-3012

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre

Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to injecting a Location header that contains JavaScript sequences in a data:text/html URI or entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. The JavaScript executes outside of the context of the HTTP site.

Recommendations: For Mozilla Firefox versions 3.0.13 and earlier, update to a version later than 3.0.13 to resolve the issue. For Mozilla Firefox version 3.5, update to a version later than 3.5 to resolve the issue. For Mozilla Firefox versions 3.6 a1 pre and 3.7 a1 pre, update to a version later than the pre-release versions to resolve the issue.