Security researcher Hidetake Jo of Microsoft
Vulnerability Research reported that the properties set on an object
passed to showModalDialog
were readable by the document
contained in the dialog, even when the document was from a different
domain. This is a violation of the same-origin policy and could
result in a website running untrusted JavaScript if it assumed
the dialogArguments
could not be initialized by another
site.
An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.