CVE-2009-3988
EUVD-2009-395922.02.2010, 13:00
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mozilla | firefox | 𝑥 ≤ 3.0.17 |
| mozilla | firefox | 3.0 |
| mozilla | firefox | 3.0.1 |
| mozilla | firefox | 3.0.2 |
| mozilla | firefox | 3.0.3 |
| mozilla | firefox | 3.0.4 |
| mozilla | firefox | 3.0.5 |
| mozilla | firefox | 3.0.6 |
| mozilla | firefox | 3.0.7 |
| mozilla | firefox | 3.0.8 |
| mozilla | firefox | 3.0.9 |
| mozilla | firefox | 3.0.10 |
| mozilla | firefox | 3.0.11 |
| mozilla | firefox | 3.0.12 |
| mozilla | firefox | 3.0.13 |
| mozilla | firefox | 3.0.14 |
| mozilla | firefox | 3.0.15 |
| mozilla | firefox | 3.5 |
| mozilla | firefox | 3.5.1 |
| mozilla | firefox | 3.5.2 |
| mozilla | firefox | 3.5.3 |
| mozilla | firefox | 3.5.4 |
| mozilla | firefox | 3.5.5 |
| mozilla | firefox | 3.5.6 |
| mozilla | firefox | 3.5.7 |
| mozilla | seamonkey | 2.0 |
| mozilla | seamonkey | 2.0:alpha_1 |
| mozilla | seamonkey | 2.0:alpha_2 |
| mozilla | seamonkey | 2.0:alpha_3 |
| mozilla | seamonkey | 2.0:beta_1 |
| mozilla | seamonkey | 2.0:beta_2 |
| mozilla | seamonkey | 2.0:rc1 |
| mozilla | seamonkey | 2.0:rc2 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| firefox |
| ||||||||||||
| mozilla-thunderbird |
| ||||||||||||
| seamonkey |
| ||||||||||||
| thunderbird |
| ||||||||||||
| xulrunner-1.9 |
| ||||||||||||
| xulrunner-1.9.1 |
|
Common Weakness Enumeration
References