Description
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
References (17)
Core 17
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-1999
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-895-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38847
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0112.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-896-1
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0405
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37242
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384
Various Sources x_refsource_confirm
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=504862
Scores
EPSS
0.0215
EPSS Percentile
80.1%
Details
CWE
CWE-264
Status
published
Products (26)
mozilla/firefox
3.0
mozilla/firefox
3.0.1
mozilla/firefox
3.0.2
mozilla/firefox
3.0.3
mozilla/firefox
3.0.4
mozilla/firefox
3.0.5
mozilla/firefox
3.0.6
mozilla/firefox
3.0.7
mozilla/firefox
3.0.8
mozilla/firefox
3.0.9
... and 16 more
Published
Feb 22, 2010
Tracked Since
Feb 18, 2026