[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247862

 
 

909

 
 

194603

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-3988Date: (C)2010-02-22   (M)2024-03-27


Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECUNIA-37242
SECUNIA-38847
ADV-2010-0405
DSA-1999
FEDORA-2010-1727
FEDORA-2010-1932
FEDORA-2010-1936
MDVSA-2010:042
RHSA-2010:0112
SUSE-SA:2010:015
USN-895-1
USN-896-1
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
https://bugzilla.mozilla.org/show_bug.cgi?id=504862
mozilla-showmodaldialog-xss(56362)
oval:org.mitre.oval:def:8355
oval:org.mitre.oval:def:9384

CPE    33
cpe:/a:mozilla:firefox:3.5.7
cpe:/a:mozilla:firefox:3.5.5
cpe:/a:mozilla:firefox:3.5.6
cpe:/a:mozilla:firefox:3.5.3
...
CWE    1
CWE-264
OVAL    42
oval:org.secpod.oval:def:300330
oval:org.secpod.oval:def:100603
oval:org.secpod.oval:def:200010
oval:org.secpod.oval:def:100444
...

© SecPod Technologies