CVE-2009-1308 — Cross-site Scripting in Mozilla Firefox

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 21.94%

CISA KEV

Not in KEV

Exploit

Exploited in wild

Active exploitation observed

Affected products

Mozilla Firefox

Timeline

PublishedApr 22

Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDmozilla/firefox3.0.8+87

🔴Vulnerability Details

GHSA

GHSA-chqp-7f63-6c5w: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3↗2022-05-02

▶

VulnCheck

Mozilla Firefox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2009

▶

📋Vendor Advisories

Ubuntu

Thunderbird vulnerabilities↗2009-06-25

▶

Ubuntu

Firefox and Xulrunner vulnerabilities↗2009-04-23

▶

Red Hat

Firefox XSS hazard using third-party stylesheets and XBL bindings↗2009-04-21

▶

💬Community

Bugzilla

CVE-2009-1308 Firefox XSS hazard using third-party stylesheets and XBL bindings↗2009-04-17

▶