Ubuntu.com (ubuntucve): UB:CVE-2009-1308
Apr 22, 2009 - 12:00 a.m.

CVE-2009-1308


CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.004 Low
Percentile: 73.1%

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9,
Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web
script or HTML via vectors involving XBL JavaScript bindings and remote
stylesheets, as exploited in the wild by a March 2009 eBay listing.

Notes

Author: jdstrand
Note: CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is:
xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS
xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS
xulrunner-1.9: firefox-3.0
xulrunner-1.9.1: firefox-3.5
Ubuntu 6.06 LTS and 10.04 LTS use the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package.
This is a new security feature, not a vulnerability per se.

OS | Version | Architecture | Package | Version | Filename
ubuntu | 8.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN
ubuntu | 8.10 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1 | UNKNOWN
ubuntu | 9.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN
ubuntu | 9.10 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 | UNKNOWN
ubuntu | 10.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 | UNKNOWN
ubuntu | 8.04 | noarch | xulrunner-1.9 | < 1.9.0.9+nobinonly-0ubuntu0.8.04.1 | UNKNOWN
ubuntu | 8.10 | noarch | xulrunner-1.9 | < 1.9.0.9+nobinonly-0ubuntu0.8.10.1 | UNKNOWN
ubuntu | 9.04 | noarch | xulrunner-1.9 | < 1.9.0.9+nobinonly-0ubuntu0.9.04.1 | UNKNOWN
ubuntu | 9.04 | noarch | xulrunner-1.9.1 | < 1.9.1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN
ubuntu | 9.10 | noarch | xulrunner-1.9.1 | < 1.9.1~rc2+nobinonly-0ubuntu1 | UNKNOWN
