Your system may not meet the requirements for Firefox, but you can try one of these versions:

Your system doesn't meet the requirements to run Firefox.

Your system doesn't meet the requirements to run Firefox.

Please follow these instructions to install Firefox.

Firefox Privacy Notice

Mozilla Foundation Security Advisory 2009-22

Firefox allows Refresh header to redirect to javascript: URIs

Announced
April 21, 2009
Reporter
Michael
Impact
Moderate
Products
Firefox
Fixed in
  • Firefox 3.0.9

Description

Mozilla community member Michael reported that when a server responds with a Refresh header containing a javascript: URI, Firefox will redirect to the javascript: URI. If an attacker could inject a Refresh header into a server response, or could control the value that a site places in the Refresh header, they could use this vulnerability to perform an XSS attack and execute arbitrary JavaScript within the context of that site.

References