Your submission was sent successfully! Close

CVE-2009-3988

Published: 17 February 2010

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Priority

Low

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Not vulnerable

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Not vulnerable

upstream
Released (3.6)
mozilla-thunderbird
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
hardy Does not exist

intrepid Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

upstream Needs triage

seamonkey
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.0.8+build1+nobinonly-0ubuntu0.8.04.1)
intrepid Needed
(reached end-of-life)
jaunty
Released (2.0.8+build1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (2.0.8+build1+nobinonly-0ubuntu0.9.10.1)
lucid
Released (2.0.8+build1+nobinonly-0ubuntu0.10.04.1)
upstream
Released (2.0.3)
thunderbird
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable
(3.0.3+nobinonly-0ubuntu1)
upstream
Released (3.0.2)
xulrunner-1.9
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (1.9.0.18+build1+nobinonly-0ubuntu0.8.04.1)
intrepid
Released (1.9.0.18+build1+nobinonly-0ubuntu0.8.10.1)
jaunty
Released (1.9.0.18+build1+nobinonly-0ubuntu0.9.04.1)
karmic Does not exist

lucid Does not exist

upstream
Released (1.9.0.18)
xulrunner-1.9.1
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

intrepid Does not exist

jaunty
Released (1.9.1.8+build1+nobinonly-0ubuntu0.9.04.1)
karmic
Released (1.9.1.8+build1+nobinonly-0ubuntu0.9.10.1)
lucid Does not exist

upstream
Released (1.9.1.8)