5
CVE-2009-3988
- EPSS 2.15%
- Veröffentlicht 22.02.2010 13:00:01
- Zuletzt bearbeitet 16.06.2026 23:12:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.15% | 0.798 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html
http://secunia.com/advisories/37242
http://secunia.com/advisories/38847
http://www.debian.org/security/2010/dsa-1999
http://www.mandriva.com/security/advisories?name=MDVSA-2010:042
http://www.redhat.com/support/errata/RHSA-2010-0112.html
http://www.ubuntu.com/usn/USN-895-1
http://www.ubuntu.com/usn/USN-896-1
http://www.vupen.com/english/advisories/2010/0405
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
https://bugzilla.mozilla.org/show_bug.cgi?id=504862
https://exchange.xforce.ibmcloud.com/vulnerabilities/56362
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384