gsd - gsd-2009-3988

gsd-2009-3988

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.

Aliases

CVE-2009-3988

Aliases

CVE-2009-3988

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-3988",
    "description": "Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.",
    "id": "GSD-2009-3988",
    "references": [
      "https://www.suse.com/security/cve/CVE-2009-3988.html",
      "https://www.debian.org/security/2010/dsa-1999",
      "https://access.redhat.com/errata/RHSA-2010:0112",
      "https://linux.oracle.com/cve/CVE-2009-3988.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-3988"
      ],
      "details": "Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.",
      "id": "GSD-2009-3988",
      "modified": "2023-12-13T01:19:49.998664Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-3988",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "USN-895-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-895-1"
          },
          {
            "name": "38847",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/38847"
          },
          {
            "name": "SUSE-SA:2010:015",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html"
          },
          {
            "name": "MDVSA-2010:042",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042"
          },
          {
            "name": "FEDORA-2010-1936",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html"
          },
          {
            "name": "RHSA-2010:0112",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0112.html"
          },
          {
            "name": "FEDORA-2010-1932",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html"
          },
          {
            "name": "oval:org.mitre.oval:def:8355",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355"
          },
          {
            "name": "DSA-1999",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2010/dsa-1999"
          },
          {
            "name": "FEDORA-2010-1727",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html"
          },
          {
            "name": "mozilla-showmodaldialog-xss(56362)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56362"
          },
          {
            "name": "USN-896-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-896-1"
          },
          {
            "name": "ADV-2010-0405",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/0405"
          },
          {
            "name": "37242",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/37242"
          },
          {
            "name": "oval:org.mitre.oval:def:9384",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384"
          },
          {
            "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html",
            "refsource": "CONFIRM",
            "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html"
          },
          {
            "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=504862",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=504862"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.0.17",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3988"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=504862",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=504862"
            },
            {
              "name": "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-04.html"
            },
            {
              "name": "37242",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/37242"
            },
            {
              "name": "ADV-2010-0405",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2010/0405"
            },
            {
              "name": "FEDORA-2010-1932",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html"
            },
            {
              "name": "MDVSA-2010:042",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:042"
            },
            {
              "name": "USN-896-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-896-1"
            },
            {
              "name": "DSA-1999",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2010/dsa-1999"
            },
            {
              "name": "USN-895-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-895-1"
            },
            {
              "name": "RHSA-2010:0112",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0112.html"
            },
            {
              "name": "FEDORA-2010-1936",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html"
            },
            {
              "name": "FEDORA-2010-1727",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html"
            },
            {
              "name": "SUSE-SA:2010:015",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html"
            },
            {
              "name": "38847",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/38847"
            },
            {
              "name": "mozilla-showmodaldialog-xss(56362)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56362"
            },
            {
              "name": "oval:org.mitre.oval:def:9384",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384"
            },
            {
              "name": "oval:org.mitre.oval:def:8355",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-19T01:29Z",
      "publishedDate": "2010-02-22T13:00Z"
    }
  }
}

cve-2009-3988

Vulnerability from cvelistv5

Published

2010-02-21 17:00

Modified

2024-08-07 06:45

Severity ?

Summary

References

▼	URL	Tags
	http://www.ubuntu.com/usn/USN-895-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/38847	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDVSA-2010:042	vendor-advisory, x_refsource_MANDRIVA
	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html	vendor-advisory, x_refsource_FEDORA
	http://www.redhat.com/support/errata/RHSA-2010-0112.html	vendor-advisory, x_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html	vendor-advisory, x_refsource_FEDORA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355	vdb-entry, signature, x_refsource_OVAL
	http://www.debian.org/security/2010/dsa-1999	vendor-advisory, x_refsource_DEBIAN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html	vendor-advisory, x_refsource_FEDORA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/56362	vdb-entry, x_refsource_XF
	http://www.ubuntu.com/usn/USN-896-1	vendor-advisory, x_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2010/0405	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/37242	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384	vdb-entry, signature, x_refsource_OVAL
	http://www.mozilla.org/security/announce/2010/mfsa2010-04.html	x_refsource_CONFIRM
	https://bugzilla.mozilla.org/show_bug.cgi?id=504862	x_refsource_CONFIRM

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website