CVE-2009-1310 (firefox)
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1310