CVE-2009-1308 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9,
Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web
script or HTML via vectors involving XBL JavaScript bindings and remote
stylesheets, as exploited in the wild by a March 2009 eBay listing.
Notes
 jdstrand> CVEs in Firefox are tracked in the xulrunner source packages. The
  mapping of xulrunner sources to firefox is:
  xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
  xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
  xulrunner-1.9: firefox-3.0
  xulrunner-1.9.1: firefox-3.5
 jdstrand: Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not
  the system xulrunner-1.9.2, so it is tracked in the firefox source package.
 jdstrand> this is a new security feature, not a vulnerability per se
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-26 11:47:43 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)