CVE-2009-3018

Name of the Vulnerable Software and Affected Versions: Maxthon Browser version 3.0.0.145 Alpha with Ultramode

Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via several vectors related to improper blocking of javascript: and data: URIs in HTTP responses. This includes injecting Refresh headers with javascript: URIs, entering javascript: URIs when specifying Refresh header content, injecting Refresh headers with JavaScript sequences in data:text/html URIs, and entering data:text/html URIs with JavaScript sequences when specifying Refresh header content. Additionally, it affects Location headers in HTTP responses, allowing user-assisted remote attackers to conduct XSS attacks via injecting Location headers with JavaScript sequences in data:text/html URIs or entering such URIs when specifying Location header content. The issue also involves improper handling of javascript: URIs in HTML links within 301 and 302 error documents sent from web servers, enabling user-assisted remote attackers to conduct XSS attacks via injecting or specifying the content of Location HTTP response headers.

Recommendations: For Maxthon Browser version 3.0.0.145 Alpha with Ultramode, consider disabling the handling of javascript: URIs in Refresh and Location headers as a temporary workaround until a patch is available. Restrict access to data:text/html URIs to minimize the risk of exploitation. Avoid using javascript: URIs in HTML links within error documents sent from web servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.