Candidate: CVE-2009-3014
PublicDate: 2009-08-31 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3014
Description:
 Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre;
 SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle
 javascript: URIs in HTML links within 302 error documents sent from web
 servers, which allows user-assisted remote attackers to conduct cross-site
 scripting (XSS) attacks via vectors related to (1) injecting a Location
 HTTP response header or (2) specifying the content of a Location HTTP
 response header.
Ubuntu-Description:
Notes:
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
  mapping of xulrunner sources to firefox is:
   xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
   xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
   xulrunner-1.9: firefox-3.0
   xulrunner-1.9.1: firefox-3.5
 jdstrand> Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
  the system xulrunner-1.9.2, so it is tracked in the firefox source package.
 jdstrand> per upstream: "Furthermore nome of the bugs you have referenced are
  XSS. JavaScript executing within the context of the site that served it is
  not cross-site anything."
Bugs:
 https://bugzilla.mozilla.org/show_bug.cgi?id=513487
Priority: low
Discovered-by:
Assigned-to: asac
CVSS: 

Patches_xulrunner-1.9:
upstream_xulrunner-1.9: ignored
dapper_xulrunner-1.9: DNE
hardy_xulrunner-1.9: ignored
intrepid_xulrunner-1.9: ignored
jaunty_xulrunner-1.9: ignored
karmic_xulrunner-1.9: DNE
devel_xulrunner-1.9: DNE

Patches_xulrunner-1.9.1:
upstream_xulrunner-1.9.1: ignored
dapper_xulrunner-1.9.1: DNE
hardy_xulrunner-1.9.1: DNE
intrepid_xulrunner-1.9.1: DNE
jaunty_xulrunner-1.9.1: ignored
karmic_xulrunner-1.9.1: ignored
devel_xulrunner-1.9.1: ignored

Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: ignored
dapper_xulrunner-1.9.2: DNE
hardy_xulrunner-1.9.2: ignored
intrepid_xulrunner-1.9.2: DNE
jaunty_xulrunner-1.9.2: needs-triage
karmic_xulrunner-1.9.2: needs-triage
devel_xulrunner-1.9.2: ignored


Patches_seamonkey:
upstream_seamonkey: ignored
dapper_seamonkey: DNE
hardy_seamonkey: ignored
intrepid_seamonkey: ignored
jaunty_seamonkey: ignored
karmic_seamonkey: ignored
devel_seamonkey: ignored


upstream_firefox: needs-triage
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored
intrepid_firefox: DNE
jaunty_firefox: DNE
karmic_firefox: DNE
devel_firefox: ignored