Vulnerability-Lookup

CVE-2009-1308 (GCVE-0-2009-1308)

Vulnerability from cvelistv5 – Published: 2009-04-22 18:00 – Updated: 2024-08-07 05:04

Summary

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/34894	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/1125	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/34758	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/35536	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://bugzilla.mozilla.org/show_bug.cgi?id=481558	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.ubuntu.com/usn/usn-782-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/35065	third-party-advisoryx_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.mozilla.org/security/announce/2009/mfs…	x_refsource_CONFIRM
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://usn.ubuntu.com/764-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/35042	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/34656	vdb-entryx_refsource_BID
	http://secunia.com/advisories/34843	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1797	vendor-advisoryx_refsource_DEBIAN
	http://www.redhat.com/support/errata/RHSA-2009-04…	vendor-advisoryx_refsource_REDHAT
	http://www.theregister.co.uk/2009/03/08/ebay_scam…	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.redhat.com/support/errata/RHSA-2009-11…	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/34780	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.securitytracker.com/id?1022097	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:111",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
          },
          {
            "name": "FEDORA-2009-3875",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
          },
          {
            "name": "34894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34894"
          },
          {
            "name": "ADV-2009-1125",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1125"
          },
          {
            "name": "34758",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34758"
          },
          {
            "name": "35536",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35536"
          },
          {
            "name": "oval:org.mitre.oval:def:6185",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
          },
          {
            "name": "oval:org.mitre.oval:def:7285",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
          },
          {
            "name": "USN-782-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-782-1"
          },
          {
            "name": "35065",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "oval:org.mitre.oval:def:6173",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10428",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
          },
          {
            "name": "USN-764-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/764-1/"
          },
          {
            "name": "MDVSA-2009:141",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
          },
          {
            "name": "SUSE-SR:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "35042",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35042"
          },
          {
            "name": "34656",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34656"
          },
          {
            "name": "34843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34843"
          },
          {
            "name": "DSA-1797",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1797"
          },
          {
            "name": "RHSA-2009:0436",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
          },
          {
            "name": "oval:org.mitre.oval:def:6296",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
          },
          {
            "name": "RHSA-2009:1126",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
          },
          {
            "name": "34780",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34780"
          },
          {
            "name": "264308",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
          },
          {
            "name": "1022097",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022097"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-03T20:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2009:111",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
        },
        {
          "name": "FEDORA-2009-3875",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
        },
        {
          "name": "34894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34894"
        },
        {
          "name": "ADV-2009-1125",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1125"
        },
        {
          "name": "34758",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34758"
        },
        {
          "name": "35536",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35536"
        },
        {
          "name": "oval:org.mitre.oval:def:6185",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
        },
        {
          "name": "oval:org.mitre.oval:def:7285",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
        },
        {
          "name": "USN-782-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-782-1"
        },
        {
          "name": "35065",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35065"
        },
        {
          "name": "oval:org.mitre.oval:def:6173",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10428",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
        },
        {
          "name": "USN-764-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/764-1/"
        },
        {
          "name": "MDVSA-2009:141",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
        },
        {
          "name": "SUSE-SR:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
        },
        {
          "name": "35042",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35042"
        },
        {
          "name": "34656",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34656"
        },
        {
          "name": "34843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34843"
        },
        {
          "name": "DSA-1797",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1797"
        },
        {
          "name": "RHSA-2009:0436",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
        },
        {
          "name": "oval:org.mitre.oval:def:6296",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
        },
        {
          "name": "RHSA-2009:1126",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
        },
        {
          "name": "34780",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34780"
        },
        {
          "name": "264308",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
        },
        {
          "name": "1022097",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022097"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1308",
    "datePublished": "2009-04-22T18:00:00.000Z",
    "dateReserved": "2009-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:04:49.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-ALE-014

Vulnerability from certfr_alerte - Published: 2009-08-07 - Updated: 2013-02-05

De multiples vulnérabilités conduisant, entre autres, à une exécution de code arbitraire à distance ont été découvertes dans Mozilla Thunderbird.

Description

De multiples vulnérabilités sont présentes dans la version 2.0.0.23 et dans les versions antérieures du client de messagerie Mozilla Thunderbrid. Ces vulnérabilités permettent de réaliser des actions malveillantes telles que le contournement de la politique de sécurité, l'élévation de privilège, ou encore l'exécution de code arbitraire à distance.

Pour le détail de chaque vulnérabilité, se reporter aux bulletins de sécurité de l'éditeur (cf. section Documentation).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Thunderbird	Mozilla Thunderbird version 2.0.0.23 et versions antérieures.

References

Title

Publication Time

Tags

Bulletins de sécurité Mozilla MFSA2009-18, MFSA2009-19, MFSA2009-31,	None	vendor-advisory
MFSA2009-34, MFSA2009-42, MFSA2009-43	None	vendor-advisory
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-19 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-34 du 21 juillet 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-42 du 01 août 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-43 du 01 août 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-18 du 21 avril 2009 :	-	other
Bulletin d'actualité du CERTA numéro CERTA-2009-ACT-032 du 07 août 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-31 du 11 juin 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mozilla Thunderbird version 2.0.0.23 et versions ant\u00e9rieures.",
      "product": {
        "name": "Thunderbird",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2013-02-05",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans la version 2.0.0.23 et\ndans les versions ant\u00e9rieures du client de messagerie Mozilla\nThunderbrid. Ces vuln\u00e9rabilit\u00e9s permettent de r\u00e9aliser des actions\nmalveillantes telles que le contournement de la politique de s\u00e9curit\u00e9,\nl\u0027\u00e9l\u00e9vation de privil\u00e8ge, ou encore l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n\nPour le d\u00e9tail de chaque vuln\u00e9rabilit\u00e9, se reporter aux bulletins de\ns\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2464"
    },
    {
      "name": "CVE-2009-2466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2466"
    },
    {
      "name": "CVE-2009-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1308"
    },
    {
      "name": "CVE-2009-2465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2465"
    },
    {
      "name": "CVE-2009-2462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2462"
    },
    {
      "name": "CVE-2009-2463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2463"
    },
    {
      "name": "CVE-2009-2404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2404"
    },
    {
      "name": "CVE-2009-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1840"
    },
    {
      "name": "CVE-2009-2408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2408"
    },
    {
      "name": "CVE-2009-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1309"
    }
  ],
  "initial_release_date": "2009-08-07T00:00:00",
  "last_revision_date": "2013-02-05T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-19 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-19.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-34 du 21 juillet 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-42 du 01 ao\u00fbt 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-43 du 01 ao\u00fbt 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-43.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-18 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 du CERTA num\u00e9ro CERTA-2009-ACT-032 du    07 ao\u00fbt 2009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2009-ACT-032/index.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-31 du 11 juin 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-31.html"
    }
  ],
  "reference": "CERTA-2009-ALE-014",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2009-08-07T00:00:00.000000"
    },
    {
      "description": "prise en compte de la version 2.0.0.23 ;",
      "revision_date": "2009-08-25T00:00:00.000000"
    },
    {
      "description": "fermeture de l\u0027alerte, suite \u00e0 la correction de l\u0027\u00e9diteur.",
      "revision_date": "2013-02-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s conduisant, entre autres, \u00e0 une ex\u00e9cution de\ncode arbitraire \u00e0 distance ont \u00e9t\u00e9 d\u00e9couvertes dans Mozilla Thunderbird.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s du client de messagerie Mozilla Thunderbird",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Mozilla MFSA2009-18, MFSA2009-19, MFSA2009-31,",
      "url": null
    },
    {
      "published_at": null,
      "title": "MFSA2009-34, MFSA2009-42, MFSA2009-43",
      "url": null
    }
  ]
}

GHSA-CHQP-7F63-6C5W

Vulnerability from github – Published: 2022-05-02 03:23 – Updated: 2025-04-09 04:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1308"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-22T18:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.",
  "id": "GHSA-chqp-7f63-6c5w",
  "modified": "2025-04-09T04:08:37Z",
  "published": "2022-05-02T03:23:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1308"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:0436"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2009:1126"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2009-1308"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496266"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/764-1"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34758"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34780"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34843"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34894"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35042"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/35536"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1797"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
    },
    {
      "type": "WEB",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34656"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022097"
    },
    {
      "type": "WEB",
      "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-782-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/1125"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-1308

Vulnerability from fkie_nvd - Published: 2009-04-22 18:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
secalert@redhat.com	http://secunia.com/advisories/34758
secalert@redhat.com	http://secunia.com/advisories/34780
secalert@redhat.com	http://secunia.com/advisories/34843
secalert@redhat.com	http://secunia.com/advisories/34894
secalert@redhat.com	http://secunia.com/advisories/35042
secalert@redhat.com	http://secunia.com/advisories/35065
secalert@redhat.com	http://secunia.com/advisories/35536
secalert@redhat.com	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
secalert@redhat.com	http://www.debian.org/security/2009/dsa-1797
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
secalert@redhat.com	http://www.mozilla.org/security/announce/2009/mfsa2009-18.html	Vendor Advisory
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-0436.html
secalert@redhat.com	http://www.redhat.com/support/errata/RHSA-2009-1126.html
secalert@redhat.com	http://www.securityfocus.com/bid/34656
secalert@redhat.com	http://www.securitytracker.com/id?1022097
secalert@redhat.com	http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
secalert@redhat.com	http://www.ubuntu.com/usn/usn-782-1
secalert@redhat.com	http://www.vupen.com/english/advisories/2009/1125
secalert@redhat.com	https://bugzilla.mozilla.org/show_bug.cgi?id=481558	Exploit
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
secalert@redhat.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
secalert@redhat.com	https://usn.ubuntu.com/764-1/
secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34758
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34780
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34843
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34894
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35042
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35065
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/35536
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1797
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2009:141
af854a3a-2127-422b-91ae-364da2661108	http://www.mozilla.org/security/announce/2009/mfsa2009-18.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-0436.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2009-1126.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34656
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022097
af854a3a-2127-422b-91ae-364da2661108	http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-782-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/1125
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.mozilla.org/show_bug.cgi?id=481558	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/764-1/
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html

Impacted products

Vendor	Product	Version
mozilla	firefox	*
mozilla	firefox	0.1
mozilla	firefox	0.2
mozilla	firefox	0.3
mozilla	firefox	0.4
mozilla	firefox	0.5
mozilla	firefox	0.6
mozilla	firefox	0.6.1
mozilla	firefox	0.7
mozilla	firefox	0.7.1
mozilla	firefox	0.8
mozilla	firefox	0.9
mozilla	firefox	0.9
mozilla	firefox	0.9.1
mozilla	firefox	0.9.2
mozilla	firefox	0.9.3
mozilla	firefox	0.9_rc
mozilla	firefox	0.10
mozilla	firefox	0.10.1
mozilla	firefox	1.0
mozilla	firefox	1.0
mozilla	firefox	1.0.1
mozilla	firefox	1.0.2
mozilla	firefox	1.0.3
mozilla	firefox	1.0.4
mozilla	firefox	1.0.5
mozilla	firefox	1.0.6
mozilla	firefox	1.0.6
mozilla	firefox	1.0.7
mozilla	firefox	1.0.8
mozilla	firefox	1.5
mozilla	firefox	1.5
mozilla	firefox	1.5
mozilla	firefox	1.5.0.1
mozilla	firefox	1.5.0.2
mozilla	firefox	1.5.0.3
mozilla	firefox	1.5.0.4
mozilla	firefox	1.5.0.5
mozilla	firefox	1.5.0.6
mozilla	firefox	1.5.0.7
mozilla	firefox	1.5.0.8
mozilla	firefox	1.5.0.9
mozilla	firefox	1.5.0.10
mozilla	firefox	1.5.0.11
mozilla	firefox	1.5.0.12
mozilla	firefox	1.5.1
mozilla	firefox	1.5.2
mozilla	firefox	1.5.3
mozilla	firefox	1.5.4
mozilla	firefox	1.5.5
mozilla	firefox	1.5.6
mozilla	firefox	1.5.7
mozilla	firefox	1.5.8
mozilla	firefox	1.8
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0
mozilla	firefox	2.0.0.1
mozilla	firefox	2.0.0.2
mozilla	firefox	2.0.0.3
mozilla	firefox	2.0.0.4
mozilla	firefox	2.0.0.5
mozilla	firefox	2.0.0.6
mozilla	firefox	2.0.0.7
mozilla	firefox	2.0.0.8
mozilla	firefox	2.0.0.9
mozilla	firefox	2.0.0.10
mozilla	firefox	2.0.0.11
mozilla	firefox	2.0.0.12
mozilla	firefox	2.0.0.13
mozilla	firefox	2.0.0.14
mozilla	firefox	2.0.0.15
mozilla	firefox	2.0.0.16
mozilla	firefox	2.0.0.17
mozilla	firefox	2.0.0.18
mozilla	firefox	2.0.0.19
mozilla	firefox	2.0.0.20
mozilla	firefox	2.0.0.21
mozilla	firefox	2.0_.1
mozilla	firefox	2.0_.4
mozilla	firefox	2.0_.5
mozilla	firefox	2.0_.6
mozilla	firefox	2.0_.7
mozilla	firefox	2.0_.9
mozilla	firefox	2.0_.10
mozilla	firefox	2.0_8
mozilla	firefox	3.0
mozilla	firefox	3.0
mozilla	firefox	3.0
mozilla	firefox	3.0
mozilla	firefox	3.0.1
mozilla	firefox	3.0.2
mozilla	firefox	3.0.3
mozilla	firefox	3.0.4
mozilla	firefox	3.0.5
mozilla	firefox	3.0.6
mozilla	firefox	3.0.7
mozilla	firefox	3.0beta5
mozilla	seamonkey	*
mozilla	thunderbird	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF7EBD73-EAFC-4D89-9962-8EBB2BB3DBDD",
              "versionEndIncluding": "3.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C7AA88B-638A-451A-B235-A1A1444BE417",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C01AD7C-8470-47AB-B8AE-670E3A381E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E43F2F1-9252-4B44-8A61-D05305915A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB9D48B-DC7B-4D92-BB26-B6DE629A2506",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A360D595-A829-4DDE-932E-9995626917E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9B5349-FAA7-4CDA-9533-1AD1ACDFAC4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "07243837-C353-4C25-A5B1-4DA32807E97D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B832C034-F793-415F-BFC8-D97A18BA6BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CD1A13-66CB-49CC-BD84-5D8334DB774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2434FCE7-A50B-4527-9970-C7224B31141C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5633FB6E-D623-49D4-9858-4E20E64DE458",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "429ECA02-DBCD-45FB-942C-CA4BC1BC8A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F0DC80-5473-465C-9D7F-9589F1B78E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "567FF916-7DE0-403C-8528-7931A43E0D18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*",
              "matchCriteriaId": "E15536D0-B6A3-4106-8196-021724324CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "010B34F4-910E-4515-990B-8E72DF009578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FAA1A89-E8D9-46D0-8E2C-9259920ACBFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A545A77-2198-4685-A87F-E0F2DAECECF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*",
              "matchCriteriaId": "438AACF8-006F-4522-853F-30DBBABD8C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "778FAE0C-A5CF-4B67-93A9-1A803E3E699F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7447185-7509-449D-8907-F30A42CF7EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EDBAC37-9D08-44D1-B279-BC6ACF126CAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FFF89FA-2020-43CC-BACD-D66117B3DD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "834BB391-5EB5-43A8-980A-D305EDAE6FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A38AD88-BAA6-4FBE-885B-69E951BD1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
              "matchCriteriaId": "659F5DAF-D54F-43FB-AB2A-3FC7D456B434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B500EE6C-99DB-49A3-A1F1-AFFD7FE28068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2938F2-A801-45E5-8E06-BE03DE03C8A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABB88E86-6E83-4A59-9266-8B98AA91774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "E19ED1CA-DEBD-4786-BA7B-C122C7D2E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "66BE50FE-EA21-4633-A181-CD35196DF06E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D6BF5B1-86D1-47FE-9D9C-735718F94874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84D15CE0-69DF-4EFD-801E-96A4D6AABEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE203DE-6C0E-4FDE-9C3A-0E73430F17DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2F38886-C25A-4C6B-93E7-36461405BA99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C65D2670-F37F-48CB-804A-D35BB1C27D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE8E5194-7B34-4802-BDA6-6A86EB5EDE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FABA5F56-99F7-4F8F-9CC1-5B0B2EB72922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "2917BD67-CE81-4B94-B241-D4A9DDA60319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A524A94E-F19B-42B9-AA8E-171751C339AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F71436CF-F756-44E0-8E69-6951F6B3E54A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "582EE839-B83F-4908-9780-D0C92DC44FD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "824369CF-00A0-434E-94BC-71CA1317012C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCB35099-B04E-4796-A25D-953329FE62F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DBEBCFD-80D6-466A-BAEF-C75E65A3B12E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C30ACBCA-4FA1-46DE-8F15-4830BC27E160",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9453EF65-7C69-449E-BF7C-4FECFB56713E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AA75825-21CF-475B-8040-126A13FA2216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA97C80E-17FA-4866-86CE-29886145ED80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DE24BED-202E-416D-B5F2-8207D97B9939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "04198E04-CE1D-4A5A-A20C-D1E135B45F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717DB967-F658-4699-A224-5B261BFEC10A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3487FA64-BE04-42CA-861E-3DAC097D7D32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "F61EA4A1-1916-48A5-8196-E3CDEF3108F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A956C036-1E47-49B2-A971-69868A510B75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F5AA254D-D41E-464F-9E2A-A950F08C6946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "B05D2655-6641-42BE-9793-30005AC9D40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D956DC-C73B-439F-8D79-8239207CC76F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E2C7E7-56C0-466C-BB08-5EB43922C4F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "462E135A-5616-46CC-A9C0-5A7A0526ACC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6121F9C1-F4DF-4AAB-9E51-AC1592AA5639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "58D44634-A0B5-4F05-8983-B08D392EC742",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB3AC3D3-FDD7-489F-BDCF-BDB55DF33A8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4105171B-9C90-4ABF-B220-A35E7BA9EE40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "20985549-DB24-4B69-9D40-208A47AE658E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A13026-416F-4308-8A1B-E989BD769E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "612B015E-9F96-4CE6-83E4-23848FD609E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E391619-0967-43E1-8CBC-4D54F72A85C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0544D626-E269-4677-9B05-7DAB23BD103B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95F7B2C-80FC-4DF2-9680-F74634DCE3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "863C140E-DC15-4A88-AB8A-8AEF9F4B8164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "38CD049A-5333-4FF7-AD34-6B74E19BADCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0066576D-D66A-4B59-B5C3-471EEBEE8B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "60ED6DAA-9194-4829-BC1A-00F04BE7930A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "13BEB9A6-EFD5-4793-9603-84DB84F1CF7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "461163C6-4CA8-4BA9-95A1-136E612CBA6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "275E9D96-1290-44AB-BF9B-E9E4A803F593",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "140EFF03-09CB-436E-AF3F-1CEEFF4D3F1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D609B2-F66C-40F1-B7D9-965189F875A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "327D8879-0B61-4681-886D-C53BE251E0ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "59017F18-6C4E-4803-8A65-DB2A849C3197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF006282-943B-4885-B523-6E575D664059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26356AB4-1C06-4E16-BAC1-B6A41626A222",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC11707-DF87-4046-964D-40CF22385A48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73F1171-E34D-4AC0-BF8B-3DB38AA13EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0422C796-ECC4-42C1-9580-1CE22A096244",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "412DF091-7604-4110-87A0-3488116A97E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "7A1DE6AC-C6AA-4B27-AC21-3293E5357A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "13AAF607-AEEE-4FAF-BE63-73B1D951EF52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "20139741-10B1-4E4B-8D5F-A715042049C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E07FED-ABDB-4B0A-AB2E-4CBF1EAC4301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6558F1-9E0D-4107-909A-8EF4BC8A9C2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "63DF3D65-C992-44CF-89B4-893526C6242E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9024117-2E8B-4240-9E21-CC501F3879B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC3CAD3-2F54-4E32-A0C9-0D826C45AC23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52624B41-AB34-40AD-8709-D9646B618AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "917E9856-9556-4FD6-A834-858F8837A6B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "880CAA7D-398A-4B26-9754-FD188CE9729D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "138701FB-929A-4683-B41F-CB014ACFE44A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5C8E657-3049-4462-98F6-296C60BC8C5C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anteriores a 3.0.9, Thunderbird, y SeaMonkey permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante vectores involucrados con enlaces XBL JavaScript y hojas de estilo remotas, como ha sido explotado por una lista de eBay en Marzo de 2009."
    }
  ],
  "id": "CVE-2009-1308",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-22T18:30:00.327",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34758"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34780"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34843"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34894"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35042"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/35536"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2009/dsa-1797"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/34656"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1022097"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-782-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2009/1125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://usn.ubuntu.com/764-1/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/35536"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022097"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-782-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/1125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/764-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-1308

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1308

Aliases

CVE-2009-1308

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1308",
    "description": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.",
    "id": "GSD-2009-1308",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-1308.html",
      "https://www.debian.org/security/2009/dsa-1797",
      "https://access.redhat.com/errata/RHSA-2009:1126",
      "https://access.redhat.com/errata/RHSA-2009:0436",
      "https://linux.oracle.com/cve/CVE-2009-1308.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1308"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.",
      "id": "GSD-2009-1308",
      "modified": "2023-12-13T01:19:47.467325Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2009-1308",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
          },
          {
            "name": "http://secunia.com/advisories/35065",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35065"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
          },
          {
            "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1",
            "refsource": "MISC",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
          },
          {
            "name": "http://secunia.com/advisories/34758",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34758"
          },
          {
            "name": "http://secunia.com/advisories/34780",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34780"
          },
          {
            "name": "http://secunia.com/advisories/34843",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34843"
          },
          {
            "name": "http://secunia.com/advisories/34894",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/34894"
          },
          {
            "name": "http://secunia.com/advisories/35042",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35042"
          },
          {
            "name": "http://secunia.com/advisories/35536",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/35536"
          },
          {
            "name": "http://www.debian.org/security/2009/dsa-1797",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2009/dsa-1797"
          },
          {
            "name": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111",
            "refsource": "MISC",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-0436.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
          },
          {
            "name": "http://www.redhat.com/support/errata/RHSA-2009-1126.html",
            "refsource": "MISC",
            "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
          },
          {
            "name": "http://www.securityfocus.com/bid/34656",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/34656"
          },
          {
            "name": "http://www.ubuntu.com/usn/usn-782-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/usn-782-1"
          },
          {
            "name": "http://www.vupen.com/english/advisories/2009/1125",
            "refsource": "MISC",
            "url": "http://www.vupen.com/english/advisories/2009/1125"
          },
          {
            "name": "https://usn.ubuntu.com/764-1/",
            "refsource": "MISC",
            "url": "https://usn.ubuntu.com/764-1/"
          },
          {
            "name": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html",
            "refsource": "MISC",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
          },
          {
            "name": "http://www.securitytracker.com/id?1022097",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id?1022097"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html",
            "refsource": "MISC",
            "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
          },
          {
            "name": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/",
            "refsource": "MISC",
            "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558",
            "refsource": "MISC",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
          },
          {
            "name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285",
            "refsource": "MISC",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0_.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0beta5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.8",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2009-1308"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
            },
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
            },
            {
              "name": "1022097",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022097"
            },
            {
              "name": "34894",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34894"
            },
            {
              "name": "FEDORA-2009-3875",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
            },
            {
              "name": "34758",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34758"
            },
            {
              "name": "RHSA-2009:0436",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
            },
            {
              "name": "34656",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34656"
            },
            {
              "name": "34843",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34843"
            },
            {
              "name": "ADV-2009-1125",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/1125"
            },
            {
              "name": "34780",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/34780"
            },
            {
              "name": "SUSE-SR:2009:010",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
            },
            {
              "name": "35065",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35065"
            },
            {
              "name": "MDVSA-2009:111",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
            },
            {
              "name": "35042",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35042"
            },
            {
              "name": "DSA-1797",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1797"
            },
            {
              "name": "RHSA-2009:1126",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
            },
            {
              "name": "USN-782-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-782-1"
            },
            {
              "name": "35536",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/35536"
            },
            {
              "name": "MDVSA-2009:141",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
            },
            {
              "name": "264308",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
            },
            {
              "name": "oval:org.mitre.oval:def:7285",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
            },
            {
              "name": "oval:org.mitre.oval:def:6296",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
            },
            {
              "name": "oval:org.mitre.oval:def:6185",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
            },
            {
              "name": "oval:org.mitre.oval:def:6173",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
            },
            {
              "name": "oval:org.mitre.oval:def:10428",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
            },
            {
              "name": "USN-764-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://usn.ubuntu.com/764-1/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T02:20Z",
      "publishedDate": "2009-04-22T18:30Z"
    }
  }
}

CERTA-2009-AVI-157

Vulnerability from certfr_avis - Published: 2009-04-22 - Updated: 2009-04-22

Plusieurs vulnérabilités ont été identifiées dans le navigateur Mozilla Firefox. L'exploitation de celles-ci peut avoir des conséquences variées, du contournement de la politique de sécurité mise en place à l'exécutation de code arbitraire au cours d'une navigation sur une page spécialement construite.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Mozilla Firefox. Parmi celles-ci :

le moteur de navigation Mozilla manipule incorrectement certaines pages Web lorsque l'interprétation de code Javascript est active. Cela provoque une corruption de la mémoire pouvant conduire, sous certaines conditions, à l'exécution de code arbitraire à distance ;
l'interprétation de certains caractères graphiques est prise en compte par l'IDN (International Domain Names) et peut ainsi être détournée pour favoriser des attaques en filoutage (phishing) ;
le module Flash confond l'origine du contenu sous certaines conditions, ce qui permet alors au code interprété d'accéder illégitimement à certaines ressources (accès arbitraires en lecture et écriture des Local Shared Objects par exemple) ;
le navigateur ne manipule pas correctement les données de rafraichissement dans les en-têtes (Refresh) permettant à une page malveillante de lancer des attaques par injection de code indirecte ou à forcer, sous certaines conditions, le navigateur à interpréter du code JavaScript arbitraire dans le contexte d'un site victime.

Solution

Se référer aux avis de sécurité de Mozilla pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Mozilla	Firefox	Les versions de Mozilla Firefox antérieures à 3.0.9.

References

Title

Publication Time

Tags

Notes de mise à jour Mozilla Firefox 3.0.9 du 21 avril 2009	None	vendor-advisory
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-19 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-16 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-14 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-17 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-21 du 21 avril 2009 :	-	other
Avis de sécurité Mozilla pour Firefox 3.0 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-15 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-20 du 21 avril 2009 :	-	other
Notes de mise à jour Mozilla Firefox 3.0.9 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-18 du 21 avril 2009 :	-	other
Bulletin de sécurité de la fondation Mozilla 2009/mfsa2009-22 du 21 avril 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les versions de Mozilla Firefox ant\u00e9rieures \u00e0 3.0.9.",
      "product": {
        "name": "Firefox",
        "vendor": {
          "name": "Mozilla",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur Mozilla\nFirefox. Parmi celles-ci\u00a0:\n\n-   le moteur de navigation Mozilla manipule incorrectement certaines\n    pages Web lorsque l\u0027interpr\u00e9tation de code Javascript est active.\n    Cela provoque une corruption de la m\u00e9moire pouvant conduire, sous\n    certaines conditions, \u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\u00a0;\n-   l\u0027interpr\u00e9tation de certains caract\u00e8res graphiques est prise en\n    compte par l\u0027IDN (International Domain Names) et peut ainsi \u00eatre\n    d\u00e9tourn\u00e9e pour favoriser des attaques en filoutage (phishing)\u00a0;\n-   le module Flash confond l\u0027origine du contenu sous certaines\n    conditions, ce qui permet alors au code interpr\u00e9t\u00e9 d\u0027acc\u00e9der\n    ill\u00e9gitimement \u00e0 certaines ressources (acc\u00e8s arbitraires en lecture\n    et \u00e9criture des Local Shared Objects par exemple)\u00a0;\n-   le navigateur ne manipule pas correctement les donn\u00e9es de\n    rafraichissement dans les en-t\u00eates (Refresh) permettant \u00e0 une page\n    malveillante de lancer des attaques par injection de code indirecte\n    ou \u00e0 forcer, sous certaines conditions, le navigateur \u00e0 interpr\u00e9ter\n    du code JavaScript arbitraire dans le contexte d\u0027un site victime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux avis de s\u00e9curit\u00e9 de Mozilla pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1307"
    },
    {
      "name": "CVE-2009-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1304"
    },
    {
      "name": "CVE-2009-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0652"
    },
    {
      "name": "CVE-2009-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1308"
    },
    {
      "name": "CVE-2009-1312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1312"
    },
    {
      "name": "CVE-2009-1306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1306"
    },
    {
      "name": "CVE-2009-1305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1305"
    },
    {
      "name": "CVE-2009-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1311"
    },
    {
      "name": "CVE-2009-1310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1310"
    },
    {
      "name": "CVE-2009-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1302"
    },
    {
      "name": "CVE-2009-1303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1303"
    },
    {
      "name": "CVE-2009-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1309"
    }
  ],
  "initial_release_date": "2009-04-22T00:00:00",
  "last_revision_date": "2009-04-22T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-19 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-19.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-16 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-16.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-14 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-14.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-17 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-21 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-21.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mozilla pour Firefox 3.0\u00a0:",
      "url": "http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.9"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-15 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-20 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-20.html"
    },
    {
      "title": "Notes de mise \u00e0 jour Mozilla Firefox 3.0.9 du 21 avril    2009\u00a0:",
      "url": "http://www.mozilla.com/en-US/firefox/3.0.9/releasenotes/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-18 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de la fondation Mozilla    2009/mfsa2009-22 du 21 avril 2009 :",
      "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html"
    }
  ],
  "reference": "CERTA-2009-AVI-157",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur Mozilla\nFirefox. L\u0027exploitation de celles-ci peut avoir des cons\u00e9quences\nvari\u00e9es, du contournement de la politique de s\u00e9curit\u00e9 mise en place \u00e0\nl\u0027ex\u00e9cutation de code arbitraire au cours d\u0027une navigation sur une page\nsp\u00e9cialement construite.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Notes de mise \u00e0 jour Mozilla Firefox 3.0.9 du 21 avril 2009",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1308 (GCVE-0-2009-1308)

CERTA-2009-ALE-014

Description

Solution

GHSA-CHQP-7F63-6C5W

FKIE_CVE-2009-1308

GSD-2009-1308

CERTA-2009-AVI-157

Description

Solution

Tags

Sightings

Nomenclature