New Search

Mozilla Firefox and SeaMonkey XSS Vulnerability due to window.dialogArguments being readable cross-domain

oval:org.mitre.oval:def:8355

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 and SeaMonkey before 2.0.3 does not properly restrict read access to object properties in showModalDialog which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Vista
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows 2000
Class:
vulnerability
Reference(s):
  • CVE-2009-3988
Product(s):
  • Mozilla Firefox
  • Mozilla Seamonkey