CVE-2009-1308
published 2009-04-22

CVE-2009-1308: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or…

Priority: P273, medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
ITW: VulnCheck KEV, exploited in the wild
EPSS: 2.29% (81.0th percentile)
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

Affected

88 ranges, showing 25

Vendor    Product   Version range   Fixed in
mozilla   firefox   <= 3.0.8        -

The remaining 24 displayed rows list mozilla / firefox with no version range or fix version on this page.

Detection & IOCs (extracted from sources)

  • XSS via XBL JavaScript bindings combined with remote/third-party stylesheets: restrict or alert on cross-origin XBL binding loads in Firefox/SeaMonkey/Thunderbird versions prior to 3.0.9
  • The vulnerability was exploited in the wild via a malicious eBay listing in March 2009; monitor for XBL binding references in user-supplied stylesheet content on web platforms
  • Mozilla mitigated this by enforcing the same-origin policy for XBL bindings; the vulnerability only applies to Firefox before 3.0.9, Thunderbird, and SeaMonkey without this restriction
  • Affected products include Mozilla Firefox before 3.0.9, Thunderbird (unversioned at time of advisory), and SeaMonkey; patched packages include firefox-3.0.9 and xulrunner-1.9.0.9

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v2.0      4.3     MEDIUM     AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck       -         4.3     MEDIUM     -
vendor_ubuntu   -         5.8     MEDIUM     -
vendor_redhat   -         4.3     MEDIUM     -