CVE-2009-3014
Description
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
User-assisted XSS in Firefox 3.0.13 and earlier via javascript: URIs in 302 error pages, allowing code execution in site context.
Vulnerability
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier mishandle javascript: URIs in HTML links within 302 Object Moved error documents [1][2]. When a server returns a 302 response with a Location header containing a javascript: URI, the browser renders a page with a link pointing to that URI, typically labeled "here".
Exploitation
An attacker must identify a server-side redirector (e.g., ASP on IIS or nginx) that returns a 302 with a Location header crafted to contain a javascript: URI [2]. The attacker then tricks the victim into visiting the crafted URL (e.g., via a phishing link). The victim receives an "Object Moved" page with a clickable link; clicking it executes the attacker's JavaScript in the context of the original site.
Impact
Successful exploitation yields cross-site scripting (XSS) within the vulnerable site's origin. The attacker can execute arbitrary JavaScript, enabling cookie theft, session hijacking, or unauthorized actions on behalf of the victim.
Mitigation
The available references do not specify a fixed version [1][2]. Users should upgrade to a later build of Firefox (e.g., 3.5.1 or newer) which are likely patched. As a workaround, avoid clicking links in 302 error pages from untrusted sources.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
63cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=3.0.13
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.6:a1_pre:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.7:a1_pre:*:*:*:*:*:*
- (no CPE)range: <=3.0.13, 3.5, 3.6 a1 pre, 3.7 a1 pre
cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*+ 43 more
- cpe:2.3:a:mozilla:mozilla:*:*:*:*:*:*:*:*range: <=1.7
- cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:mozilla:mozilla:1.6:beta:*:*:*:*:*:*
- (no CPE)range: 1.7.x and earlier
cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:mozilla:seamonkey:1.1.17:*:*:*:*:*:*:*
- (no CPE)range: 1.1.17
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.