Unrated severityNVD Advisory· Published Feb 22, 2010· Updated Jun 16, 2026
CVE-2009-3988
CVE-2009-3988
Description
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=3.0.17
- cpe:2.3:a:mozilla:firefox:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:3.5.7:*:*:*:*:*:*:*
- (no CPE)range: <3.0.18, <3.5.8
cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:mozilla:seamonkey:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:alpha_3:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:beta_2:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:mozilla:seamonkey:2.0:rc2:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
17- lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.htmlnvd
- secunia.com/advisories/37242nvd
- secunia.com/advisories/38847nvd
- www.debian.org/security/2010/dsa-1999nvd
- www.mandriva.com/security/advisoriesnvd
- www.mozilla.org/security/announce/2010/mfsa2010-04.htmlnvd
- www.redhat.com/support/errata/RHSA-2010-0112.htmlnvd
- www.ubuntu.com/usn/USN-895-1nvd
- www.ubuntu.com/usn/USN-896-1nvd
- www.vupen.com/english/advisories/2010/0405nvd
- bugzilla.mozilla.org/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/56362nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8355nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9384nvd
News mentions
0No linked articles in our index yet.