Lucene search
AnonymousZDI-10-019HistoryFeb 19, 2010 - 12:00 a.m.
Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
2010-02-1900:00:00
Anonymous
www.zerodayinitiative.com
26
EPSS
0.013
Percentile
86.2%
This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. This vulnerability can be exploited to obtain website credentials not originating from the attacking site.
Related
cvelist
cvelist
CVE-2009-3988
2010-02-21 17:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2010-04
2010-02-19 00:00:00
Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
2010-02-25 00:00:00
prion
prion
Cross site scripting
2010-02-22 13:00:00
veracode
veracode
Authorization Bypass
2020-04-10 00:43:58
ubuntucve
ubuntucve
CVE-2009-3988
2010-02-17 00:00:00
cve
cve
CVE-2009-3988
2010-02-22 13:00:01
nvd
nvd
CVE-2009-3988
2010-02-22 13:00:01
seebug
seebug
Firefox showModalDialog()ćšćłčˇ¨ĺčćŹć§čĄćźć´
2010-02-20 00:00:00
mozilla
mozilla
XSS due to window.dialogArguments being readable cross-domain â Mozilla
2010-02-17 00:00:00
openvas
openvas
Mozilla Products Multiple Vulnerabilities feb-10 (Linux)
2010-02-26 00:00:00
Mozilla Products Multiple Vulnerabilities (MFSA2010-05) - Linux
2010-02-26 00:00:00
Mozilla Products Multiple Vulnerabilities (Feb 2010) - Windows
2010-02-26 00:00:00
nessus
nessus
Debian DSA-1999-1 : xulrunner - several vulnerabilities
2010-02-24 00:00:00
SuSE 11 Security Update : Mozilla XULRunner (SAT Patch Number 2033)
2010-02-25 00:00:00
openSUSE Security Update : MozillaFirefox (MozillaFirefox-2017)
2010-02-25 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: firefox-3.5.8-1.fc12
2010-02-20 00:29:04
[SECURITY] Fedora 11 Update: hulahop-0.4.9-12.fc11
2010-02-20 00:15:26
[SECURITY] Fedora 11 Update: kazehakase-0.5.8-5.fc11
2010-02-20 00:15:26
ubuntu
ubuntu
Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities
2010-02-17 00:00:00
Firefox 3.0 and Xulrunner 1.9 vulnerabilities
2010-02-17 00:00:00
osv
osv
xulrunner - several vulnerabilities
2010-02-18 00:00:00
suse
suse
remote code execution in MozillaFirefox,seamonkey
2010-03-04 16:53:48
debian
debian
[Backports-security-announce] Security Update for xulrunner
2010-03-09 15:02:49
[SECURITY] [DSA 1999-1] New xulrunner packages fix several vulnerabilities
2010-02-18 20:04:53
[Backports-security-announce] Security Update for xulrunner
2010-03-09 15:11:52
freebsd
freebsd
mozilla -- multiple vulnerabilities
2010-02-17 00:00:00
oraclelinux
oraclelinux
firefox security update
2010-02-17 00:00:00
centos
centos
firefox, xulrunner security update
2010-02-18 00:33:18
redhat
redhat
(RHSA-2010:0112) Critical: firefox security update
2010-02-17 00:00:00
gentoo
gentoo
Mozilla Products: Multiple vulnerabilities
2013-01-08 00:00:00