[CVE-2009-3985] URL spoofing via invalid document.location

Advisory: Location bar spoofing vulnerabilities

CVE-2010-2751: URL spoofing via invalid document.location

Announced: December 15, 2009
Reporter: Jordi Chancel
Impact: Moderate
Products: Firefox, SeaMonkey
Fixed in: Firefox 3.0.16, Firefox 3.5.6, SeaMonkey 2.0.1


Security researcher Jordi Chancel reported an issue similar to
one fixed in MFSA 2009-44, in which a web page can set document.location to a URL that
can’t be displayed properly and then inject content into the resulting blank page.
An attacker could use this vulnerability to place a legitimate-looking but invalid URL
in the location bar and inject HTML and JavaScript into the body of the page, resulting in a spoofing attack.
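
An added triage example, not part of the original advisory: it classifies browser User-Agent strings (for instance from proxy logs) against the "Fixed in" versions listed above. The sample strings are constructed, and reading each fixed version as the fix for its own release branch is an assumption.

```python
import re

# Fixed releases from the advisory's "Fixed in" line, keyed by (product, branch).
# Assumption: each entry is the fix for its own major.minor release branch.
FIXED = {
    ("Firefox", (3, 0)): (3, 0, 16),
    ("Firefox", (3, 5)): (3, 5, 6),
    ("SeaMonkey", (2, 0)): (2, 0, 1),
}

# Product token as it appears in a User-Agent header, e.g. "Firefox/3.5.5".
TOKEN = re.compile(r"\b(Firefox|SeaMonkey)/(\d+(?:\.\d+)*)")


def parse_version(text):
    """Turn '3.5.5' into (3, 5, 5); pad or trim to exactly three components."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]


def classify(user_agent):
    """Return 'unpatched', 'patched', 'unknown', or None if no product token."""
    tokens = dict(TOKEN.findall(user_agent))
    if not tokens:
        return None
    # Prefer the SeaMonkey token in case a UA carries both product names.
    product = "SeaMonkey" if "SeaMonkey" in tokens else "Firefox"
    version = parse_version(tokens[product])
    fixed = FIXED.get((product, version[:2]))
    if fixed is None:
        return "unknown"  # branch is not named in the advisory
    return "unpatched" if version < fixed else "patched"


# Constructed sample input (not taken from real logs).
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5",
    "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16",
    "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.4) Gecko/20091017 SeaMonkey/2.0",
    "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6",
    "curl/7.19.7",
]


def triage(user_agents):
    """Pair every User-Agent string with its verdict."""
    return [(classify(ua), ua) for ua in user_agents]


if __name__ == "__main__":
    for verdict, ua in triage(SAMPLE_UAS):
        print(f"{verdict!s:9}  {ua}")
```

User-Agent headers are client-supplied, so the result is an inventory hint to confirm on the endpoint, not proof of patch level.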

  • Demonstration video:

Security Researcher Jordi Chancel