Mozilla Firefox 3.6 a1 Prerelease
Approved changes feed: RSS · Atom
cpe:2.3:a:mozilla:firefox:3.6:a1_prerelease:*:*:*:*:*:*
part: a version: 3.6 update: a1_prerelease
| Vendor | Mozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1) |
|---|---|
| Product | Firefox (d152d976-2d5e-5cc4-89b6-e80c6d067896) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/firefox |
purl2cpe | 2026-06-01 10:17:52.918150 |
pkg:mozilla/mozilla-central |
purl2cpe | 2026-06-01 10:17:52.918157 |
pkg:rpm/fedora/firefox |
purl2cpe | 2026-06-01 10:17:52.918158 |
pkg:rpm/opensuse/mozillafirefox |
purl2cpe | 2026-06-01 10:17:52.918160 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2009-3010 |
vulnerable | 2026-06-03 14:29:44.436093 |
Details available
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product versions, the JavaScript executes outside of the context of the HTTP site.
Published: 2009-08-31T16:00:00.000Z
Updated: 2024-08-07T06:14:55.402Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.