RedhatCVELIST:CVE-2009-1308CVE-2009-1308
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
References
lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
secunia.com/advisories/34758
secunia.com/advisories/34780
secunia.com/advisories/34843
secunia.com/advisories/34894
secunia.com/advisories/35042
secunia.com/advisories/35065
secunia.com/advisories/35536
sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
www.debian.org/security/2009/dsa-1797
www.mandriva.com/security/advisories?name=MDVSA-2009:111
www.mandriva.com/security/advisories?name=MDVSA-2009:141
www.mozilla.org/security/announce/2009/mfsa2009-18.html
www.redhat.com/support/errata/RHSA-2009-0436.html
www.redhat.com/support/errata/RHSA-2009-1126.html
www.securityfocus.com/bid/34656
www.securitytracker.com/id?1022097
www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
www.ubuntu.com/usn/usn-782-1
www.vupen.com/english/advisories/2009/1125
bugzilla.mozilla.org/show_bug.cgi?id=481558
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
usn.ubuntu.com/764-1/
www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
Related
