CVE-2009-3988

MEDIUM

Description

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

ID	Name	Product	Family	Severity
68000	Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113)	Nessus	Oracle Linux Local Security Checks	critical
67999	Oracle Linux 4 / 5 : firefox (ELSA-2010-0112)	Nessus	Oracle Linux Local Security Checks	critical
63402	GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST)	Nessus	Gentoo Local Security Checks	critical
49900	SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866)	Nessus	SuSE Local Security Checks	critical
49891	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867)	Nessus	SuSE Local Security Checks	critical
47288	Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936)	Nessus	Fedora Local Security Checks	critical
47285	Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932)	Nessus	Fedora Local Security Checks	critical
47268	Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727)	Nessus	Fedora Local Security Checks	critical
44911	SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871)	Nessus	SuSE Local Security Checks	critical
44910	SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863)	Nessus	SuSE Local Security Checks	critical
44909	SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)	Nessus	SuSE Local Security Checks	critical
44907	SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025)	Nessus	SuSE Local Security Checks	critical
44906	openSUSE Security Update : seamonkey (seamonkey-2013)	Nessus	SuSE Local Security Checks	critical
44903	openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)	Nessus	SuSE Local Security Checks	critical
44901	openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)	Nessus	SuSE Local Security Checks	critical
44899	openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052)	Nessus	SuSE Local Security Checks	critical
44863	Debian DSA-1999-1 : xulrunner - several vulnerabilities	Nessus	Debian Local Security Checks	critical
44672	Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)	Nessus	Mandriva Local Security Checks	critical
44661	FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede)	Nessus	FreeBSD Local Security Checks	critical
801279	Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
801219	Mozilla SeaMonkey < 2.0.3 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
44660	SeaMonkey < 2.0.3 Multiple Vulnerabilities	Nessus	Windows	high
44659	Firefox 3.5 < 3.5.8 Multiple Vulnerabilities	Nessus	Windows	high
44658	Firefox < 3.0.18 Multiple Vulnerabilities	Nessus	Windows	high
44656	Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1)	Nessus	Ubuntu Local Security Checks	critical
44655	Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1)	Nessus	Ubuntu Local Security Checks	critical
44652	RHEL 3 / 4 : seamonkey (RHSA-2010:0113)	Nessus	Red Hat Local Security Checks	critical
44651	RHEL 4 / 5 : firefox (RHSA-2010:0112)	Nessus	Red Hat Local Security Checks	critical
44649	CentOS 3 / 4 : seamonkey (CESA-2010:0113)	Nessus	CentOS Local Security Checks	critical
44648	CentOS 4 / 5 : firefox (CESA-2010:0112)	Nessus	CentOS Local Security Checks	critical
5343	SeaMonkey < 2.0.3 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium
5342	Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	medium

CVE-2009-3988

Description

References

Details

Risk Information

CVSS v2.0