CVE-2009-3988medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
http://secunia.com/advisories/37242
http://secunia.com/advisories/38847
http://www.debian.org/security/2010/dsa-1999
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.ubuntu.com/usn/USN-895-1
http://www.ubuntu.com/usn/USN-896-1
http://www.vupen.com/english/advisories/2010/0405
https://bugzilla.mozilla.org/show_bug.cgi?id=504862
https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* versions up to 3.0.17 (inclusive)
cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 68000 | Oracle Linux 3 / 4 : seamonkey (ELSA-2010-0113) | Nessus | Oracle Linux Local Security Checks | critical |
| 67999 | Oracle Linux 4 / 5 : firefox (ELSA-2010-0112) | Nessus | Oracle Linux Local Security Checks | critical |
| 63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical |
| 49900 | SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6866) | Nessus | SuSE Local Security Checks | critical |
| 49891 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6867) | Nessus | SuSE Local Security Checks | critical |
| 47288 | Fedora 11 : Miro-2.5.4-2.fc11 / blam-1.8.5-18.fc11 / chmsee-1.0.1-15.fc11 / eclipse-3.4.2-20.fc11 / etc (2010-1936) | Nessus | Fedora Local Security Checks | critical |
| 47285 | Fedora 12 : seamonkey-2.0.3-1.fc12 (2010-1932) | Nessus | Fedora Local Security Checks | critical |
| 47268 | Fedora 12 : blam-1.8.5-22.fc12 / firefox-3.5.8-1.fc12 / galeon-2.0.7-20.fc12 / etc (2010-1727) | Nessus | Fedora Local Security Checks | critical |
| 44911 | SuSE 10 Security Update : Mozilla XULRunner (ZYPP Patch Number 6871) | Nessus | SuSE Local Security Checks | critical |
| 44910 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6863) | Nessus | SuSE Local Security Checks | critical |
| 44909 | SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033) | Nessus | SuSE Local Security Checks | critical |
| 44907 | SuSE 11 Security Update : Mozilla Firefox (SAT Patch Number 2025) | Nessus | SuSE Local Security Checks | critical |
| 44906 | openSUSE Security Update : seamonkey (seamonkey-2013) | Nessus | SuSE Local Security Checks | critical |
| 44903 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017) | Nessus | SuSE Local Security Checks | critical |
| 44901 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052) | Nessus | SuSE Local Security Checks | critical |
| 44899 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-2052) | Nessus | SuSE Local Security Checks | critical |
| 44863 | Debian DSA-1999-1 : xulrunner - several vulnerabilities | Nessus | Debian Local Security Checks | critical |
| 44672 | Mandriva Linux Security Advisory : firefox (MDVSA-2010:042) | Nessus | Mandriva Local Security Checks | critical |
| 44661 | FreeBSD : mozilla -- multiple vulnerabilities (f82c85d8-1c6e-11df-abb2-000f20797ede) | Nessus | FreeBSD Local Security Checks | critical |
| 801219 | Mozilla SeaMonkey < 2.0.3 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high |
| 5343 | SeaMonkey < 2.0.3 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 5342 | Mozilla Firefox < 3.0.18 / 3.5.8 / 3.6 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | medium |
| 44660 | SeaMonkey < 2.0.3 Multiple Vulnerabilities | Nessus | Windows | high |
| 44659 | Firefox 3.5 < 3.5.8 Multiple Vulnerabilities | Nessus | Windows | high |
| 44658 | Firefox < 3.0.18 Multiple Vulnerabilities | Nessus | Windows | high |
| 44656 | Ubuntu 9.10 : firefox-3.5, xulrunner-1.9.1 vulnerabilities (USN-896-1) | Nessus | Ubuntu Local Security Checks | critical |
| 44655 | Ubuntu 8.04 LTS / 8.10 / 9.04 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-895-1) | Nessus | Ubuntu Local Security Checks | critical |
| 44652 | RHEL 3 / 4 : seamonkey (RHSA-2010:0113) | Nessus | Red Hat Local Security Checks | critical |
| 44651 | RHEL 4 / 5 : firefox (RHSA-2010:0112) | Nessus | Red Hat Local Security Checks | critical |
| 44649 | CentOS 3 / 4 : seamonkey (CESA-2010:0113) | Nessus | CentOS Local Security Checks | critical |
| 44648 | CentOS 4 / 5 : firefox (CESA-2010:0112) | Nessus | CentOS Local Security Checks | critical |