Mozilla Firefox 3.0.x prior to 3.0.18 and 3.5.x prior to 3.5.8, and SeaMonkey prior to 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox 3.0.14 |
||
mozilla firefox 3.0.2 |
||
mozilla firefox 3.0.15 |
||
mozilla firefox |
||
mozilla firefox 3.5.6 |
||
mozilla firefox 3.5.7 |
||
mozilla seamonkey 2.0 |
||
mozilla firefox 3.0 |
||
mozilla firefox 3.0.1 |
||
mozilla firefox 3.0.3 |
||
mozilla firefox 3.0.4 |
||
mozilla firefox 3.0.5 |
||
mozilla firefox 3.5 |
||
mozilla firefox 3.5.1 |
||
mozilla firefox 3.0.12 |
||
mozilla firefox 3.0.13 |
||
mozilla firefox 3.0.8 |
||
mozilla firefox 3.0.9 |
||
mozilla firefox 3.5.4 |
||
mozilla firefox 3.5.5 |
||
mozilla firefox 3.0.10 |
||
mozilla firefox 3.0.11 |
||
mozilla firefox 3.0.6 |
||
mozilla firefox 3.0.7 |
||
mozilla firefox 3.5.2 |
||
mozilla firefox 3.5.3 |