Detections
Analytics
CVE-2009-1308
medium
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
References
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
http://www.vupen.com/english/advisories/2009/1125
http://www.ubuntu.com/usn/usn-782-1
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
http://www.securitytracker.com/id?1022097
http://www.securityfocus.com/bid/34656
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.debian.org/security/2009/dsa-1797
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://secunia.com/advisories/35536
http://secunia.com/advisories/35065
http://secunia.com/advisories/35042
http://secunia.com/advisories/34894
http://secunia.com/advisories/34843
http://secunia.com/advisories/34780
http://secunia.com/advisories/34758
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html