CVE-2009-3988
Publication date 17 February 2010
Last updated 24 July 2024
Ubuntu priority
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Status
Package | Ubuntu Release | Status |
---|---|---|
firefox | 10.04 LTS lucid |
Not affected
|
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper | Ignored end of life | |
mozilla-thunderbird | 10.04 LTS lucid | Not in release |
9.10 karmic | Not in release | |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
seamonkey | 10.04 LTS lucid |
Fixed 2.0.8+build1+nobinonly-0ubuntu0.10.04.1
|
9.10 karmic |
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.10.1
|
|
9.04 jaunty |
Fixed 2.0.8+build1+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid | Ignored end of life, was needed | |
8.04 LTS hardy |
Fixed 2.0.8+build1+nobinonly-0ubuntu0.8.04.1
|
|
6.06 LTS dapper | Not in release | |
thunderbird | 10.04 LTS lucid |
Not affected
|
9.10 karmic |
Not affected
|
|
9.04 jaunty |
Not affected
|
|
8.10 intrepid |
Not affected
|
|
8.04 LTS hardy |
Not affected
|
|
6.06 LTS dapper | Not in release | |
xulrunner-1.9 | 10.04 LTS lucid | Not in release |
9.10 karmic | Not in release | |
9.04 jaunty |
Fixed 1.9.0.18+build1+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid |
Fixed 1.9.0.18+build1+nobinonly-0ubuntu0.8.10.1
|
|
8.04 LTS hardy |
Fixed 1.9.0.18+build1+nobinonly-0ubuntu0.8.04.1
|
|
6.06 LTS dapper | Not in release | |
xulrunner-1.9.1 | 10.04 LTS lucid | Not in release |
9.10 karmic |
Fixed 1.9.1.8+build1+nobinonly-0ubuntu0.9.10.1
|
|
9.04 jaunty |
Fixed 1.9.1.8+build1+nobinonly-0ubuntu0.9.04.1
|
|
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |