[Vulnerabilidad de Terceros] Mozilla XPInstall

05/07/2004 - 20:44 por Ille Corvus | Informe spam
Mozilla XPInstall Dialog Box Security Issue
Fuente: http://secunia.com/advisories/11999/


Secunia Advisory: SA11999
Release Date: 2004-07-05

Critical: Moderately critical
Impact: System access
Where: From remote

Software: Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x

Choose a product and view comprehensive vulnerability statistics and
all Secunia advisories affecting it.

Description:
Jesse Ruderman has reported a security issue in Mozilla and Mozilla
Firefox, allowing malicious websites to trick users into accepting
security dialog boxes.

The problem is that it may be possible to trick users into typing or
clicking on a XPInstall / Security dialog box, using various
interactive events, without the user noticing the dialog box.

Successful exploitation may allow a malicious website to perform tasks
that require user interaction.

Solution:
This has been fixed in Mozilla 1.7 and Mozilla Firefox 0.9.

Original Advisory:
http://bugzilla.mozilla.org/show_bug.cgi?id2020


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


«Prefiero molestar con la verdad que complacer con adulaciones (Lucio Anneo Seneca)»
 

Leer las respuestas

#1 Anonimo
05/07/2004 - 21:00 | Informe spam
oye grajo, te deja individual.net postear con una
direccion falsa

voy a escribirles a ver que opinan con un par de mensajes
tuyos, habilmente seleccionados y traducidos.


Mozilla XPInstall Dialog Box Security Issue
Fuente: http://secunia.com/advisories/11999/


Secunia Advisory: SA11999
Release Date: 2004-07-05

Critical: Moderately critical
Impact: System access
Where: From remote

Software: Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla Firefox 0.x

Choose a product and view comprehensive vulnerability


statistics and
all Secunia advisories affecting it.

Description:
Jesse Ruderman has reported a security issue in Mozilla


and Mozilla
Firefox, allowing malicious websites to trick users into


accepting
security dialog boxes.

The problem is that it may be possible to trick users


into typing or
clicking on a XPInstall / Security dialog box, using


various
interactive events, without the user noticing the dialog


box.

Successful exploitation may allow a malicious website to


perform tasks
that require user interaction.

Solution:
This has been fixed in Mozilla 1.7 and Mozilla Firefox


0.9.

Original Advisory:
http://bugzilla.mozilla.org/show_bug.cgi?id2020


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


«Prefiero molestar con la verdad que complacer con


adulaciones (Lucio Anneo Seneca)»
.

Preguntas similares