CVE-2009-3988

Publication date 17 February 2010

Last updated 24 July 2024

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Status

Show unmaintained releases

Package	Ubuntu Release	Status

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-896-1
Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
17 February 2010

USN-895-1
Firefox 3.0 and Xulrunner 1.9 vulnerabilities
17 February 2010

Other references

http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
https://www.cve.org/CVERecord?id=CVE-2009-3988