CVE-2009-1310

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34758
http://secunia.com/advisories/34843
http://secunia.com/advisories/34894
http://secunia.com/advisories/35065
http://secunia.com/advisories/36757
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1886
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.securityfocus.com/bid/34656
http://www.securitytracker.com/id?1022097
http://www.vupen.com/english/advisories/2009/1125
https://bugzilla.mozilla.org/show_bug.cgi?id=483086 Exploit Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6242
https://usn.ubuntu.com/764-1/
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
http://secunia.com/advisories/34758
http://secunia.com/advisories/34843
http://secunia.com/advisories/34894
http://secunia.com/advisories/35065
http://secunia.com/advisories/36757
http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
http://www.debian.org/security/2009/dsa-1886
http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2009-0436.html
http://www.securityfocus.com/bid/34656
http://www.securitytracker.com/id?1022097
http://www.vupen.com/english/advisories/2009/1125
https://bugzilla.mozilla.org/show_bug.cgi?id=483086 Exploit Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11520
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6242
https://usn.ubuntu.com/764-1/
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9:rc:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.9_rc:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0:preview_release:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.6:*:linux:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:1.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:beta1:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.16:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.17:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.18:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.19:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.20:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0.0.21:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:2.0_8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:alpha:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta2:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0:beta5:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*

History

21 Nov 2024, 01:02

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html -
References () http://secunia.com/advisories/34758 - () http://secunia.com/advisories/34758 -
References () http://secunia.com/advisories/34843 - () http://secunia.com/advisories/34843 -
References () http://secunia.com/advisories/34894 - () http://secunia.com/advisories/34894 -
References () http://secunia.com/advisories/35065 - () http://secunia.com/advisories/35065 -
References () http://secunia.com/advisories/36757 - () http://secunia.com/advisories/36757 -
References () http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 -
References () http://www.debian.org/security/2009/dsa-1886 - () http://www.debian.org/security/2009/dsa-1886 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:111 - () http://www.mandriva.com/security/advisories?name=MDVSA-2009:111 -
References () http://www.mozilla.org/security/announce/2009/mfsa2009-20.html - Vendor Advisory () http://www.mozilla.org/security/announce/2009/mfsa2009-20.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2009-0436.html - () http://www.redhat.com/support/errata/RHSA-2009-0436.html -
References () http://www.securityfocus.com/bid/34656 - () http://www.securityfocus.com/bid/34656 -
References () http://www.securitytracker.com/id?1022097 - () http://www.securitytracker.com/id?1022097 -
References () http://www.vupen.com/english/advisories/2009/1125 - () http://www.vupen.com/english/advisories/2009/1125 -
References () https://bugzilla.mozilla.org/show_bug.cgi?id=483086 - Exploit, Patch () https://bugzilla.mozilla.org/show_bug.cgi?id=483086 - Exploit, Patch
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11520 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11520 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6242 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6242 -
References () https://usn.ubuntu.com/764-1/ - () https://usn.ubuntu.com/764-1/ -
References () https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html - () https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html -

Information

Published : 2009-04-22 18:30

Updated : 2024-11-21 01:02


NVD link : CVE-2009-1310

Mitre link : CVE-2009-1310

CVE.ORG link : CVE-2009-1310


JSON object : View

Products Affected

mozilla

  • firefox
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')