Lucene search
MitreCVE-2009-2351HistoryJul 07, 2009 - 11:30 p.m.
CVE-2009-2351
2009-07-0723:30:00
CWE-79
mitre
web.nvd.nist.gov
32
opera
xss
javascript
uri
http
refresh headers
security vulnerability
cve-2009-2351
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.035
Percentile
91.6%
Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.
Affected configurations
Node
operaopera_browserRange≤9.52
ORoperaopera_browserMatch7.0
ORoperaopera_browserMatch7.23
ORoperaopera_browserMatch7.53
ORoperaopera_browserMatch7.54
ORoperaopera_browserMatch7.60
ORoperaopera_browserMatch8.0
ORoperaopera_browserMatch8.01
ORoperaopera_browserMatch8.02
ORoperaopera_browserMatch8.50
ORoperaopera_browserMatch8.51
ORoperaopera_browserMatch8.52
ORoperaopera_browserMatch8.53
ORoperaopera_browserMatch8.54
ORoperaopera_browserMatch9.0
ORoperaopera_browserMatch9.01
ORoperaopera_browserMatch9.02
ORoperaopera_browserMatch9.10
ORoperaopera_browserMatch9.12
ORoperaopera_browserMatch9.20
ORoperaopera_browserMatch9.21
ORoperaopera_browserMatch9.22
ORoperaopera_browserMatch9.51
ORoperaopera_browserMatch10.00beta_3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opera | opera_browser | * | cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* |
| opera | opera_browser | 7.0 | cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:* |
| opera | opera_browser | 7.23 | cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:* |
| opera | opera_browser | 7.53 | cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:* |
| opera | opera_browser | 7.54 | cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:* |
| opera | opera_browser | 7.60 | cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:* |
| opera | opera_browser | 8.0 | cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:* |
| opera | opera_browser | 8.01 | cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:* |
| opera | opera_browser | 8.02 | cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:* |
| opera | opera_browser | 8.50 | cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:* |
Related
nvd
nvd
cvelist
cvelist
prion
prion
Cross site scripting
2009-07-07 23:30:00
Cross site scripting
2009-04-22 18:30:00
Cross site scripting
2009-07-07 23:30:00
openvas
openvas
Opera Web Browser 'Refresh' Header XSS Vulnerabilities (Linux)
2009-07-09 00:00:00
Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Windows
2009-07-09 00:00:00
Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Linux
2009-07-09 00:00:00
mozilla
mozilla
Firefox allows Refresh header to redirect to javascript: URIs — Mozilla
2009-04-21 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-22
2009-04-23 00:00:00
Mozilla Firefox / Seamonkey multiple security vulnerabilities
2009-04-28 00:00:00
exploitdb
exploitdb
Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting
2009-04-22 00:00:00
ubuntucve
ubuntucve
CVE-2009-1312
2009-04-22 00:00:00
cve
cve
veracode
veracode
Phishing Attacks
2020-04-10 00:33:08
debiancve
debiancve
CVE-2009-2352
2009-07-07 23:30:00
redhat
redhat
(RHSA-2009:0437) Critical: seamonkey security update
2009-04-21 00:00:00
(RHSA-2009:0436) Critical: firefox security update
2009-04-21 00:00:00
centos
centos
seamonkey security update
2009-04-22 19:48:58
seamonkey security update
2009-04-24 05:51:23
firefox, xulrunner security update
2009-04-23 11:19:15
nessus
nessus
RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0437)
2009-04-22 00:00:00
Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0437)
2013-07-12 00:00:00
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
oraclelinux
oraclelinux
seamonkey security update
2009-04-21 00:00:00
firefox security update
2009-04-22 00:00:00
debian
debian
[SECURITY] [DSA 1797-1] New xulrunner packages fix several vulnerabilities
2009-05-09 13:00:16
osv
osv
xulrunner - several vulnerabilities
2009-05-09 00:00:00
freebsd
freebsd
mozilla -- multiple vulnerabilities
2009-04-21 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: mozvoikko-0.9.5-9.fc9
2009-04-22 20:27:04
[SECURITY] Fedora 10 Update: yelp-2.24.0-8.fc10
2009-04-24 19:52:12
[SECURITY] Fedora 9 Update: epiphany-extensions-2.22.1-10.fc9
2009-04-22 20:27:04
ubuntu
ubuntu
Firefox and Xulrunner vulnerabilities
2009-04-23 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.035
Percentile
91.6%
Related for CVE-2009-2351