MEDIUM
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/34843
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://secunia.com/advisories/35065
http://secunia.com/advisories/35536
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1797
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.securityfocus.com/bid/34656
http://www.securitytracker.com/id?1022097
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
http://www.ubuntu.com/usn/usn-782-1
http://www.vupen.com/english/advisories/2009/1125
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html