CVE-2009-3014

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.0.13 and earlier Mozilla Firefox version 3.5 Mozilla Firefox version 3.6 a1 pre Mozilla Firefox version 3.7 a1 pre SeaMonkey version 1.1.17 Mozilla versions 1.7.x and earlier

Description: The issue allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks. This is possible due to improper handling of javascript: URIs in HTML links within 302 error documents sent from web servers. Attack vectors are related to injecting or specifying the content of a Location HTTP response header.

Recommendations: For Mozilla Firefox versions 3.0.13 and earlier, update to a version later than 3.0.13 to resolve the issue. For Mozilla Firefox version 3.5, update to a version later than 3.5 to resolve the issue. For Mozilla Firefox version 3.6 a1 pre, update to a version later than 3.6 a1 pre to resolve the issue. For Mozilla Firefox version 3.7 a1 pre, update to a version later than 3.7 a1 pre to resolve the issue. For SeaMonkey version 1.1.17, update to a version later than 1.1.17 to resolve the issue. For Mozilla versions 1.7.x and earlier, update to a version later than 1.7.x to resolve the issue.