FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1310

This CVE name corresponds to:

Entered Topic
2009-04-22 mozilla -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-1310 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-1310
Phase Assigned(20090416)

Description

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

References

Source Reference
CONFIRM http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
CONFIRM https://bugzilla.mozilla.org/show_bug.cgi?id=483086
DEBIAN DSA-1886
FEDORA FEDORA-2009-3875
MANDRIVA MDVSA-2009:111
REDHAT RHSA-2009:0436
SUNALERT 264308
SUSE SUSE-SR:2009:010
UBUNTU USN-764-1
BID 34656
OVAL oval:org.mitre.oval:def:11520
OVAL oval:org.mitre.oval:def:6242
SECTRACK 1022097
SECUNIA 34758
SECUNIA 34894
SECUNIA 34843
SECUNIA 35065
SECUNIA 36757
VUPEN ADV-2009-1125

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.