Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2010-02-21T17:00:00
Updated: 2017-09-18T12:57:01
Reserved: 2009-11-19T00:00:00
Link: CVE-2009-3988
JSON object: View
NVD Information
Status : Modified
Published: 2010-02-22T13:00:01.890
Modified: 2017-09-19T01:29:52.970
Link: CVE-2009-3988
JSON object: View
Redhat Information
No data.
CWE