CVE-2009-3988

Impact:
Moderate
Public Date:
2010-02-17
Bugzilla:
566051: CVE-2009-3988 Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04)

The MITRE CVE dictionary describes this issue as:

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Find out more about CVE-2009-3988 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 RHSA-2010:0112 2010-02-17
Red Hat Enterprise Linux 4 (firefox) RHSA-2010:0112 2010-02-17

Mitigation

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.