CVE-2009-1308
EXPLOITED IN THE WILDFirefox < 3.0.9 - Cross-Site Scripting via XBL JavaScript Bindings
Title source: llmExploitation Summary
CVE-2009-1308 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io).
Description
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
References (28)
Core 28
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34894
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1125
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34758
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35536
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
Exploit x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=481558
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-782-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35065
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
Vendor Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/764-1/
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35042
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34656
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34843
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1797
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0436.html
Various Sources x_refsource_misc
http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1126.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34780
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022097
Scores
EPSS
0.0229
EPSS Percentile
81.2%
Details
VulnCheck KEV
2009-04-22
InTheWild.io
2018-10-03
CWE
CWE-79
Status
published
Products (45)
mozilla/firefox
0.1
mozilla/firefox
0.2
mozilla/firefox
0.3
mozilla/firefox
0.4
mozilla/firefox
0.5
mozilla/firefox
0.6
mozilla/firefox
0.6.1
mozilla/firefox
0.7
mozilla/firefox
0.7.1
mozilla/firefox
0.8
... and 35 more
Published
Apr 22, 2009
Tracked Since
Feb 18, 2026