[SEG] Mozilla / Mozilla Firefox Window Injection Vulnerability

08/12/2004 - 18:08 por Windows | Informe spam
-> hay un un test de vulnerabilidad
http://secunia.com/multiple_browser...lity_test/
y ver "solution" :-)


Mozilla / Mozilla Firefox Window Injection Vulnerability
http://secunia.com/advisories/13129/

Secunia Advisory: SA13129 Print Advisory
Release Date: 2004-12-08

Critical:Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software:
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Secunia Research has reported a vulnerability in Mozilla / Mozilla
Firefox, which can be exploited by malicious people to spoof the
content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11978

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
Firefox 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11978:
http://secunia.com/advisories/11978/
 

Leer las respuestas

#1 JM Tella Llop [MVP Windows]
09/12/2004 - 15:45 | Informe spam
No es tema de estos foros.

Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase,
y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use.



"Windows" wrote in message
news:18i8j0o50wfqa$
-> hay un un test de vulnerabilidad
http://secunia.com/multiple_browser...lity_test/
y ver "solution" :-)


Mozilla / Mozilla Firefox Window Injection Vulnerability
http://secunia.com/advisories/13129/

Secunia Advisory: SA13129 Print Advisory
Release Date: 2004-12-08

Critical:Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software:
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Secunia Research has reported a vulnerability in Mozilla / Mozilla
Firefox, which can be exploited by malicious people to spoof the
content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11978

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
Firefox 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11978:
http://secunia.com/advisories/11978/

Preguntas similares