Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2009-1308

Date: April 22, 2009

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

Severity Score

Related Resources (32)

http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
http://www.debian.org/security/2009/dsa-1797
http://secunia.com/advisories/34758
https://access.redhat.com/security/cve/CVE-2009-1308
http://secunia.com/advisories/35042
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://secunia.com/advisories/35065
https://usn.ubuntu.com/764-1/
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
http://secunia.com/advisories/34894
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
http://www.redhat.com/support/errata/RHSA-2009-1126.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1308
http://www.vupen.com/english/advisories/2009/1125
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://secunia.com/advisories/35536
http://secunia.com/advisories/34843
http://www.securitytracker.com/id?1022097
http://secunia.com/advisories/34780
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
http://www.securityfocus.com/bid/34656
http://www.ubuntu.com/usn/usn-782-1
https://nvd.nist.gov/vuln/detail/CVE-2009-1308
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
https://www.mend.io/vulnerability-database/CVE-2009-1308

Severity Score

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us