Candidate: CVE-2009-3014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3014
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre;
SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle
javascript: URIs in HTML links within 302 error documents sent from web
servers, which allows user-assisted remote attackers to conduct cross-site
scripting (XSS) attacks via vectors related to (1) injecting a Location
HTTP response header or (2) specifying the content of a Location HTTP

jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
jdstrand: Ubuntu 6.06 LTS and 10.04 LTS use the embedded xulrunner and not
the system xulrunner-1.9.2, so it is tracked in the firefox source package.
jdstrand> per upstream: "Furthermore none of the bugs you have referenced are
XSS. JavaScript executing within the context of the site that served it is
not cross-site anything."

https://bugzilla.mozilla.org/show_bug.cgi?id=513487

Patches_xulrunner-1.9:
upstream_xulrunner-1.9: ignored
dapper_xulrunner-1.9: DNE
hardy_xulrunner-1.9: ignored
intrepid_xulrunner-1.9: ignored
jaunty_xulrunner-1.9: ignored
karmic_xulrunner-1.9: DNE
devel_xulrunner-1.9: DNE

Patches_xulrunner-1.9.1:
upstream_xulrunner-1.9.1: ignored
dapper_xulrunner-1.9.1: DNE
hardy_xulrunner-1.9.1: DNE
intrepid_xulrunner-1.9.1: DNE
jaunty_xulrunner-1.9.1: ignored
karmic_xulrunner-1.9.1: ignored
devel_xulrunner-1.9.1: ignored

Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: ignored
dapper_xulrunner-1.9.2: DNE
hardy_xulrunner-1.9.2: ignored
intrepid_xulrunner-1.9.2: DNE
jaunty_xulrunner-1.9.2: needs-triage
karmic_xulrunner-1.9.2: needs-triage
devel_xulrunner-1.9.2: ignored

upstream_seamonkey: ignored
hardy_seamonkey: ignored
intrepid_seamonkey: ignored
jaunty_seamonkey: ignored
karmic_seamonkey: ignored
devel_seamonkey: ignored

dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored
devel_firefox: ignored