CVE-2009-1308 Information

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9 Thunderbird and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets as exploited in the wild by a March 2009 eBay listing.

Reference

http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1797 http://www.mandriva.com/security/advisories?name=MDVSA-2009:111 http://www.mandriva.com/security/advisories?name=MDVSA-2009:141 http://www.mozilla.org/security/announce/2009/mfsa2009-18.html http://www.redhat.com/support/errata/RHSA-2009-0436.html http://www.redhat.com/support/errata/RHSA-2009-1126.html http://www.securityfocus.com/bid/34656 http://www.securitytracker.com/id?1022097 http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/ http://www.ubuntu.com/usn/usn-782-1 http://www.vupen.com/english/advisories/2009/1125 https://bugzilla.mozilla.org/show_bug.cgi?id=481558 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10428 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6173 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6185 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6296 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7285 https://usn.ubuntu.com/764-1/ https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html