CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
73.4%
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9,
Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web
script or HTML via vectors involving XBL JavaScript bindings and remote
stylesheets, as exploited in the wild by a March 2009 eBay listing.
Author | Note |
---|---|
jdstrand | CVEs in Firefox are tracked in the xulrunner source packages. The mapping of xulrunner sources to firefox is: xulrunner (1.8.0): firefox (1.5) - Ubuntu 6.06 LTS xulrunner (1.8.1): firefox (2.0) - Ubuntu 6.10 - 8.04 LTS xulrunner-1.9: firefox-3.0 xulrunner-1.9.1: firefox-3.5 Ubuntu 6.06 LTS and 10.04 LTS uses the embedded xulrunner and not the system xulrunner-1.9.2, so it is tracked in the firefox source package. this is a new security feature, not a vulnerability per se |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 | UNKNOWN |
ubuntu | 10.04 | noarch | thunderbird | < 2.0.0.22+build1+nobinonly-0ubuntu1.nspr474 | UNKNOWN |
ubuntu | 8.04 | noarch | xulrunner-1.9 | < 1.9.0.9+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
ubuntu | 8.10 | noarch | xulrunner-1.9 | < 1.9.0.9+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
ubuntu | 9.04 | noarch | xulrunner-1.9 | < 1.9.0.9+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.04 | noarch | xulrunner-1.9.1 | < 1.9.1+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
ubuntu | 9.10 | noarch | xulrunner-1.9.1 | < 1.9.1~rc2+nobinonly-0ubuntu1 | UNKNOWN |