Vulnerability detail
Enriched intelligence for a single CVE
Medium
CVE-2009-1308
PUBLISHED
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary...
- Vendor: Mozilla
- Product: Firefox, Thunderbird, SeaMonkey
- Published: Apr 22, 2009
- EPSS: —
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
CVSS scores
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitation status
Exploited in the wild
Recorded 2009-04-22 18:00:00 UTC · CVE
References
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
- http://secunia.com/advisories/34894
- http://www.vupen.com/english/advisories/2009/1125
- http://secunia.com/advisories/34758
- http://secunia.com/advisories/35536
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
- https://bugzilla.mozilla.org/show_bug.cgi?id=481558
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
- http://www.ubuntu.com/usn/usn-782-1
- http://secunia.com/advisories/35065
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
- http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
- https://usn.ubuntu.com/764-1/
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
- http://secunia.com/advisories/35042
- http://www.securityfocus.com/bid/34656
- http://secunia.com/advisories/34843
- http://www.debian.org/security/2009/dsa-1797
- http://www.redhat.com/support/errata/RHSA-2009-0436.html
- http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
- http://www.redhat.com/support/errata/RHSA-2009-1126.html
- http://secunia.com/advisories/34780
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
- http://www.securitytracker.com/id?1022097
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CVE First | 2009-04-22 18:00 UTC |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel