CVE-2009-1308

medium

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

References

https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

https://usn.ubuntu.com/764-1/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428

http://www.vupen.com/english/advisories/2009/1125

http://www.ubuntu.com/usn/usn-782-1

http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/

http://www.securitytracker.com/id?1022097

http://www.securityfocus.com/bid/34656

http://www.redhat.com/support/errata/RHSA-2009-1126.html

http://www.redhat.com/support/errata/RHSA-2009-0436.html

http://www.mozilla.org/security/announce/2009/mfsa2009-18.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

http://www.mandriva.com/security/advisories?name=MDVSA-2009:111

http://www.debian.org/security/2009/dsa-1797

http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

http://secunia.com/advisories/35536

http://secunia.com/advisories/35065

http://secunia.com/advisories/35042

http://secunia.com/advisories/34894

http://secunia.com/advisories/34843

http://secunia.com/advisories/34780

http://secunia.com/advisories/34758

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

Details

Source: Mitre, NVD

Published: 2009-04-22

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium