Информационная безопасность
[RU] switch to English


Дополнительная информация

  Многочисленные уязвимости безопасности в Mozilla Firefox / Seamonkey

  US-CERT Technical Cyber Security Alert TA08-087A -- Mozilla Updates for Multiple Vulnerabilities

  Mozilla Foundation Security Advisory 2008-18

  Mozilla Foundation Security Advisory 2008-17

  Mozilla Foundation Security Advisory 2008-16

From:MOZILLA
Date:26 марта 2008 г.
Subject:Mozilla Foundation Security Advisory 2008-19

Mozilla Foundation Security Advisory 2008-19

Title: XUL popup spoofing variant (cross-tab popups)
Impact: High
Announced: March 25, 2008
Reporter: Chris Thomas
Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.13
 SeaMonkey 1.1.9
Description

Mozilla contributor Chris Thomas demonstrated that it was possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser. This technique could be used by an attacker to spoof form elements such as a login prompt for a site opened in a different tab and steal the user's login credentials for that site.
References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=406686
   * CVE-2008-1241

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород