I want to warn you about Cross-Site Scripting vulnerabilities in Mozilla,
Internet Explorer, Opera and Chrome. I wrote about it at my site this Monday
(29.06.2009) and also informed corresponding browsers developers about this
At 21.04.2009 there was fixed vulnerability in Firefox 3.0.9
allowed to conduct XSS attacks via Refresh header. And as I checked, this
attack is also working in Mozilla, IE6, Opera and Chrome.
With request to script at web site:
Which returns in answer the refresh header:
The code will work in context of this site.
Vulnerable version is Mozilla 1.7.x and previous versions.
Vulnerable version is Mozilla Firefox 3.0.8 and previous versions.
Vulnerable version is Internet Explorer 6 (6.0.2900.2180) and previous
versions. And potentially next versions (IE7 and IE8).
Vulnerable version is Opera 9.52 and previous versions (and potentially next
Vulnerable version is Google Chrome 22.214.171.124 and previous versions (and
potentially next versions too).
I mentioned about this vulnerability at my site
Best wishes & regards,
Administrator of Websecurity web site