[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-1308Date: (C)2009-04-22   (M)2024-03-27


Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1022097
SUNALERT-264308
BID-34656
SECUNIA-34758
SECUNIA-34780
SECUNIA-34843
SECUNIA-34894
SECUNIA-35042
SECUNIA-35065
SECUNIA-35536
ADV-2009-1125
DSA-1797
FEDORA-2009-3875
MDVSA-2009:111
MDVSA-2009:141
RHSA-2009:0436
RHSA-2009:1126
SUSE-SR:2009:010
USN-764-1
USN-782-1
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
oval:org.mitre.oval:def:10428
oval:org.mitre.oval:def:6173
oval:org.mitre.oval:def:6185
oval:org.mitre.oval:def:6296
oval:org.mitre.oval:def:7285

CWE    1
CWE-79
OVAL    58
oval:org.mitre.oval:def:6173
oval:org.secpod.oval:def:202034
oval:org.secpod.oval:def:500513
oval:org.secpod.oval:def:202714
...

© SecPod Technologies