Cross-Site Scripting vulnerabiliy in Firefox and Opera

["MustLive" <mustlive () websecurity com ua>]

Hello Bugtraq!

I want to warn you about Cross-Site Scripting vulnerability in Firefox and
Opera, which I found at 13.07.2009 and published last month at my site.

This advisory related to my advisory about Cross-Site Scripting
vulnerability in Mozilla, Firefox and Chrome
(http://www.securityfocus.com/archive/1/504972/30/0/threaded), but if there
was attack via refresh-header redirectors, then this time attack is via
location-header redirectors.

This Cross-Site Scripting vulnerability in browsers Firefox and Opera allows
to execute JavaScript code via location-header redirectors (and there are a
lot of them in Internet, more then refresh-header redirectors).

XSS:

With request to script at web site:

http://site/script.php?param=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2b

Which returns in answer the Location header and the code will execute in the
browser:

Location:
data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ+

Vulnerable are Firefox 3.0.12 and Opera, but without access to cookies (the
same as in case of refresh-header redirectors), because code executed not in
context of original site. It can be used for fishing and executing of
JavaScript code (for malware spreading).

Vulnerable version is Mozilla Firefox 3.0.12 and previous versions (and 3.5
should be also vulnerable).

Vulnerable version is Opera 9.52 and previous versions (and
potentially next versions too).

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/3323/).

P.S.

In my post about vulnerability at tinyurl.com
(http://websecurity.com.ua/3365/) I showed how this vulnerability in
browsers can be used for malware spreading via this redirecting service (and
other redirecting services in Internet).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


!DSPAM:4a748d98231141704614446!