CVE-2009-3988
N/A
N/A
Summary
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.ubuntu.com/usn/USN-895-1
- http://secunia.com/advisories/38847
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
- http://www.redhat.com/support/errata/RHSA-2010-0112.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
- http://www.debian.org/security/2010/dsa-1999
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
- http://www.ubuntu.com/usn/USN-896-1
- http://www.vupen.com/english/advisories/2010/0405
- http://secunia.com/advisories/37242
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384
- http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=504862
References
- http://www.ubuntu.com/usn/USN-895-1
- http://secunia.com/advisories/38847
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
- http://www.redhat.com/support/errata/RHSA-2010-0112.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
- http://www.debian.org/security/2010/dsa-1999
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
- http://www.ubuntu.com/usn/USN-896-1
- http://www.vupen.com/english/advisories/2010/0405
- http://secunia.com/advisories/37242
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384
- http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=504862
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.