CVE ID:	CVE-2009-3988
Description:	Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Test IDs:	1.3.6.1.4.1.25623.1.0.66941   1.3.6.1.4.1.25623.1.0.66939   1.3.6.1.4.1.25623.1.0.66951   1.3.6.1.4.1.25623.1.0.66948
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2009-3988 Debian Security Information: DSA-1999 (Google Search) http://www.debian.org/security/2010/dsa-1999 http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 RedHat Security Advisories: RHSA-2010:0112 http://www.redhat.com/support/errata/RHSA-2010-0112.html SuSE Security Announcement: SUSE-SA:2010:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://www.ubuntu.com/usn/USN-895-1 http://www.ubuntu.com/usn/USN-896-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8355 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9384 http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.vupen.com/english/advisories/2010/0405 XForce ISS Database: mozilla-showmodaldialog-xss(56362) http://xforce.iss.net/xforce/xfdb/56362

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: