CVE-2009-3988

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.0.x through 3.0.17 Mozilla Firefox versions 3.5.x through 3.5.7 SeaMonkey versions prior to 2.0.3

Description The issue allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. This is due to improper restriction of read access to object properties in showModalDialog.

Recommendations For Mozilla Firefox versions 3.0.x through 3.0.17, update to version 3.0.18 or later. For Mozilla Firefox versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For SeaMonkey versions prior to 2.0.3, update to version 2.0.3 or later.