CVE-2009-1308

MEDIUM

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

References

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

http://secunia.com/advisories/34758

http://secunia.com/advisories/34780

http://secunia.com/advisories/34843

http://secunia.com/advisories/34894

http://secunia.com/advisories/35042

http://secunia.com/advisories/35065

http://secunia.com/advisories/35536

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

http://www.debian.org/security/2009/dsa-1797

http://www.mandriva.com/security/advisories?name=MDVSA-2009:111

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

http://www.mozilla.org/security/announce/2009/mfsa2009-18.html

http://www.redhat.com/support/errata/RHSA-2009-0436.html

http://www.redhat.com/support/errata/RHSA-2009-1126.html

http://www.securityfocus.com/bid/34656

http://www.securitytracker.com/id?1022097

http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/

http://www.ubuntu.com/usn/usn-782-1

http://www.vupen.com/english/advisories/2009/1125

https://bugzilla.mozilla.org/show_bug.cgi?id=481558

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285

https://usn.ubuntu.com/764-1/

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

Details

Source: MITRE

Published: 2009-04-22

Updated: 2018-10-03

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM