New Search

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 and SeaMonkey before 2.0.3 does not properly restrict read access to object properties in showModalDialog which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

oval:org.mitre.oval:def:9384

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 and SeaMonkey before 2.0.3 does not properly restrict read access to object properties in showModalDialog which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • CentOS Linux 4
  • Oracle Linux 5
  • Oracle Linux 4
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
  • Red Hat Enterprise Linux 4
Class:
vulnerability
Reference(s):
  • CVE-2009-3988
Product(s):