

Additional information

  Multiple security vulnerabilities in Mozilla Firefox, Thunderbird, SeaMonkey, NSS

  Mozilla Foundation Security Advisory 2009-46

  Mozilla Foundation Security Advisory 2009-45

  Mozilla Foundation Security Advisory 2009-38

  Mozilla Foundation Security Advisory 2009-43

From: MOZILLA
Date: August 7, 2009
Subject: Mozilla Foundation Security Advisory 2009-44

Mozilla Foundation Security Advisory 2009-44

Title: Location bar and SSL indicator spoofing via window.open() on invalid URL
Impact: Moderate
Announced: August 3, 2009
Reporter: Juan Pablo Lopez Yacubian
Products: Firefox

Fixed in: Firefox 3.5.2
          Firefox 3.0.13

Description

Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Additionally, if the spoofed document was created by a document with a valid SSL certificate, the SSL indicators would be carried over into the spoofed document. An attacker could use these issues to display misleading location and SSL information for a malicious web page.

References

   * https://bugzilla.mozilla.org/show_bug.cgi?id=451898
   * CVE-2009-2654
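
An added example, not part of the advisory or of Mozilla's code: one way to find clients still running a Firefox build older than the "Fixed in" releases above by scanning User-Agent strings from a proxy or web log. The log layout, the addresses and the User-Agent strings are constructed, and treating branches newer than 3.5 as fixed is an assumption.

```python
import re

# "Fixed in" releases from MFSA 2009-44, keyed by (major, minor) branch.
FIXED = {(3, 0): (3, 0, 13), (3, 5): (3, 5, 2)}

# Captures major.minor and an optional third component of the Firefox token.
UA_RE = re.compile(r"\bFirefox/(\d+)\.(\d+)(?:\.(\d+))?")

def classify(user_agent):
    """Return 'fixed', 'needs-update', 'unlisted-branch' or 'not-firefox'."""
    m = UA_RE.search(user_agent)
    if not m:
        return "not-firefox"
    version = tuple(int(part or 0) for part in m.groups())
    branch = version[:2]
    if branch in FIXED:
        return "fixed" if version >= FIXED[branch] else "needs-update"
    # Assumption: branches newer than the newest listed one carry the fix.
    if branch > max(FIXED):
        return "fixed"
    # Older or pre-release branches are not listed in the advisory.
    return "unlisted-branch"

# Constructed sample: "<client address> <quoted User-Agent>" per line.
SAMPLE_LOG = """\
192.0.2.10 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.12) Gecko/2009070611 Firefox/3.0.12"
192.0.2.11 "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2"
192.0.2.12 "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5"
192.0.2.13 "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
192.0.2.14 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20"
"""

def hosts_to_review(log_text):
    """Map each client address to its status when it is not known to be fixed."""
    flagged = {}
    for line in log_text.splitlines():
        host, _, user_agent = line.partition(" ")
        status = classify(user_agent)
        if status in ("needs-update", "unlisted-branch"):
            flagged[host] = status
    return flagged

if __name__ == "__main__":
    for host, status in hosts_to_review(SAMPLE_LOG).items():
        print(host, status)
```

User-Agent strings are supplied by the client and can be altered, so treat the result as a lead for inventory checks rather than proof of the installed version.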

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod