Mozilla / Firefox / Camino Dialog Origin Spoofing Vulnerability
Secunia Advisory:SA15489
Release Date: 2005-06-21
Critical:
Less critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched
Software: Camino 0.x
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x
Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.
Description:
Secunia Research has discovered a vulnerability in Mozilla, Firefox, and
Camino, which can be exploited by malicious web sites to spoof dialog boxes.
The problem is that JavaScript dialog boxes do not display or include
their origin, which allows a new window to open e.g. a prompt dialog
box, which appears to be from a trusted site.
Successful exploitation normally requires that a user is tricked into
opening a link from a malicious web site to a trusted web site.
Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/
The vulnerability has been confirmed in Mozilla 1.7.8, FireFox 1.04, and
Camino 0.8.4. Prior versions may also be affected.
Solution:
Do not browse untrusted web sites while browsing trusted sites.
Provided and/or discovered by:
Jakob Balle, Secunia Research
Original Advisory:
http://secunia.com/secunia_research/2005-11/
--
--
I haven't failed, I've found 10,000 ways that don't work.
Thomas Edison (1847-1931)
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
