New Search

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 and SeaMonkey before 2.0.3 does not properly restrict read access to object properties in showModalDialog which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

oval:org.mitre.oval:def:9384

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8 and SeaMonkey before 2.0.3 does not properly restrict read access to object properties in showModalDialog which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 4
  • Oracle Linux 5
  • Oracle Linux 4
  • CentOS Linux 4
  • Red Hat Enterprise Linux 5
  • CentOS Linux 5
Class:
vulnerability
Reference(s):
  • CVE-2009-3988
Product(s):