Cefn Hoile

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.9 Thunderbird (affected versions not specified) SeaMonkey (affected versions not specified) **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets. This issue has been exploited in the wild, as seen in a March 2009 eBay listing. **Recommendations** For Mozilla Firefox versions prior to 3.0.9, update to version 3.0.9 or later. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SeaMonkey, at the moment, there is no information about a newer version that contains a fix for this vulnerability.