Mozilla Foundation Security Advisory 2010-04

Mozilla Foundation Security Advisory 2010-04

Title: XSS due to window.dialogArguments being readable cross-domain
Impact: Moderate
Announced: February 17, 2010
Reporter: Hidetake Jo, TippingPoint ZDI
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6
Firefox 3.5.8
Firefox 3.0.18
SeaMonkey 2.0.3
Description

Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. This is a violation of the same-origin policy and could result in a website running untrusted JavaScript if it assumed the dialogArguments could not be initialized by another site.

An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla.
References

* https://bugzilla.mozilla.org/show_bug.cgi?id=504862
* CVE-2009-3988