Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-04-22 11:30
Updated : 2023-02-12 18:20
NVD link : CVE-2009-1308
Mitre link : CVE-2009-1308
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
mozilla
- firefox
- seamonkey
- thunderbird