Published: 22/02/2010 Updated: 19/09/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox 3.0.x prior to 3.0.18 and 3.5.x prior to 3.5.8, and SeaMonkey prior to 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote malicious users to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox 3.0.14
mozilla firefox 3.0.2
mozilla firefox 3.0.15
mozilla firefox
mozilla firefox 3.5.6
mozilla firefox 3.5.7
mozilla seamonkey 2.0
mozilla firefox 3.0
mozilla firefox 3.0.1
mozilla firefox 3.0.3
mozilla firefox 3.0.4
mozilla firefox 3.0.5
mozilla firefox 3.5
mozilla firefox 3.5.1
mozilla firefox 3.0.12
mozilla firefox 3.0.13
mozilla firefox 3.0.8
mozilla firefox 3.0.9
mozilla firefox 3.5.4
mozilla firefox 3.5.5
mozilla firefox 3.0.10
mozilla firefox 3.0.11
mozilla firefox 3.0.6
mozilla firefox 3.0.7
mozilla firefox 3.5.2
mozilla firefox 3.5.3

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic Updated firefox packages that fix several security issues are now availablefor Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team ...

Several flaws were discovered in the browser engine of Firefox If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2010-0159) ...

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1571 Alin Rad Pop discovered that incorrect memory handling in the HTML parser could lead to the execut ...

Mozilla Foundation Security Advisory 2010-04 XSS due to windowdialogArguments being readable cross-domain Announced February 17, 2010 Reporter Hidetake Jo, TippingPoint ZDI Impact Moderate Products Firefox, SeaMonkey F ...

CWE-264 https://bugzilla.mozilla.org/show_bug.cgi?id=504862 http://www.mozilla.org/security/announce/2010/mfsa2010-04.html http://secunia.com/advisories/37242 http://www.vupen.com/english/advisories/2010/0405 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 http://www.ubuntu.com/usn/USN-896-1 http://www.debian.org/security/2010/dsa-1999 http://www.ubuntu.com/usn/USN-895-1 http://www.redhat.com/support/errata/RHSA-2010-0112.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/38847 https://exchange.xforce.ibmcloud.com/vulnerabilities/56362 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355 https://access.redhat.com/errata/RHSA-2010:0112 https://nvd.nist.gov https://usn.ubuntu.com/895-1/

CVE-2009-3988

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect