CVE-2009-1308

Basic Information

CVE State
PUBLISHED
Reserved Date
April 16, 2009
Published Date
April 22, 2009
Last Updated
August 07, 2024
Vendor
Mozilla
Product
Firefox, Thunderbird, SeaMonkey
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

CVSS Scores

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploit Status

Exploited in the Wild
Yes (2009-04-22 18:00:00 UTC)

References

  • http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
  • https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
  • http://secunia.com/advisories/34894
  • http://www.vupen.com/english/advisories/2009/1125
  • http://secunia.com/advisories/34758
  • http://secunia.com/advisories/35536
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
  • https://bugzilla.mozilla.org/show_bug.cgi?id=481558
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
  • http://www.ubuntu.com/usn/usn-782-1
  • http://secunia.com/advisories/35065
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
  • http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
  • https://usn.ubuntu.com/764-1/
  • http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
  • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
  • http://secunia.com/advisories/35042
  • http://www.securityfocus.com/bid/34656
  • http://secunia.com/advisories/34843
  • http://www.debian.org/security/2009/dsa-1797
  • http://www.redhat.com/support/errata/RHSA-2009-0436.html
  • http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
  • https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
  • http://www.redhat.com/support/errata/RHSA-2009-1126.html
  • http://secunia.com/advisories/34780
  • http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
  • http://www.securitytracker.com/id?1022097

Known Exploited Vulnerability Information

Source
CVE
Added Date
2009-04-22 18:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel