CVE-2009-3988

Mozilla Firefox <3.0.18 & SeaMonkey <2.0.3 - XSS

Title source: llm
STIX 2.1

Description

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

References (17)

Core 17
Core References
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-1999
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-895-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38847
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2010-0112.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-896-1
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0405
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37242
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384
Issue Tracking x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=504862

Scores

EPSS 0.0215
EPSS Percentile 80.1%

Details

CWE
CWE-264
Status published
Products (26)
mozilla/firefox 3.0
mozilla/firefox 3.0.1
mozilla/firefox 3.0.2
mozilla/firefox 3.0.3
mozilla/firefox 3.0.4
mozilla/firefox 3.0.5
mozilla/firefox 3.0.6
mozilla/firefox 3.0.7
mozilla/firefox 3.0.8
mozilla/firefox 3.0.9
... and 16 more
Published Feb 22, 2010
Tracked Since Feb 18, 2026