Your submission was sent successfully! Close

CVE-2009-3988

Published: 17 February 2010

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (3.6)
mozilla-thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
Upstream
Released (2.0.3)
thunderbird
Launchpad, Ubuntu, Debian
Upstream
Released (3.0.2)
xulrunner-1.9
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.0.18)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
Upstream
Released (1.9.1.8)