Information Security

Additional information

  Multiple security vulnerabilities in Mozilla Firefox / SeaMonkey

  ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability

  Mozilla Foundation Security Advisory 2010-33

  Mozilla Foundation Security Advisory 2010-32

  Mozilla Foundation Security Advisory 2010-30

Date: June 25, 2010
Subject: Mozilla Foundation Security Advisory 2010-31

Mozilla Foundation Security Advisory 2010-31

Title: focus() behavior can be used to inject or steal keystrokes
Impact: Moderate
Announced: June 22, 2010
Reporter: Michal Zalewski
Products: Firefox, SeaMonkey

Fixed in: Firefox 3.6.4
 Firefox 3.5.10
 SeaMonkey 2.0.5

Google security researcher Michal Zalewski reported that focus() could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within another via an iframe. A malicious web page could use this behavior to steal keystrokes from a victim while they were typing sensitive information such as a password.

   * https://bugzilla.mozilla.org/show_bug.cgi?id=552255
   * CVE-2010-1125
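
The behaviour described above, seen from the page's side, is a focus change that interrupts typing without any click or Tab press from the user. The following is an added example, not part of the advisory or of Mozilla's fix: a heuristic that scans a recorded event trace for such shifts. The record format, element ids and the 1500 ms window are assumptions made for illustration.

```javascript
// Added example: detection heuristic over a recorded event trace.
// Assumption: records mirror capture-phase keydown / pointerdown / focusin
// listeners; ids, timestamps and the window below are constructed values.
const TYPING_WINDOW_MS = 1500; // assumed gap that still counts as "mid-typing"

function findSuspiciousFocusShifts(events, sensitiveIds) {
  const findings = [];
  let focused = null;          // id of the element that currently has focus
  let lastKey = null;          // last non-Tab keystroke: { t, target }
  let lastGesture = -Infinity; // time of the last click/tap or Tab press

  for (const ev of events) {
    if (ev.type === 'pointerdown') {
      lastGesture = ev.t;
    } else if (ev.type === 'keydown') {
      if (ev.key === 'Tab') lastGesture = ev.t;
      else lastKey = { t: ev.t, target: ev.target };
    } else if (ev.type === 'focusin') {
      const from = focused;
      focused = ev.target;
      if (from === null || from === ev.target || !sensitiveIds.has(from)) continue;
      // Was the user typing in the field that just lost focus?
      const midTyping = lastKey !== null && lastKey.target === from &&
        ev.t - lastKey.t <= TYPING_WINDOW_MS;
      // A click or Tab after the last keystroke explains the focus change.
      const userDriven = lastKey !== null && lastGesture >= lastKey.t;
      if (midTyping && !userDriven) findings.push({ t: ev.t, from, to: ev.target });
    }
  }
  return findings;
}

// Constructed trace: focus leaves "password" at t=600 with no click or Tab.
const SAMPLE_TRACE = [
  { t: 0,    type: 'pointerdown', target: 'password' },
  { t: 5,    type: 'focusin',     target: 'password' },
  { t: 400,  type: 'keydown',     target: 'password', key: 'h' },
  { t: 520,  type: 'keydown',     target: 'password', key: 'u' },
  { t: 600,  type: 'focusin',     target: 'embedded-frame' },
  { t: 2000, type: 'pointerdown', target: 'password' },
  { t: 2005, type: 'focusin',     target: 'password' },
  { t: 2300, type: 'keydown',     target: 'password', key: 'x' },
  { t: 2400, type: 'keydown',     target: 'password', key: 'Tab' },
  { t: 2410, type: 'focusin',     target: 'submit' },
];

console.log(findSuspiciousFocusShifts(SAMPLE_TRACE, new Set(['password'])));
```

Only the shift at t=600 is reported; the later move to the submit control follows a Tab press and is treated as user-driven.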

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod