E-Mail:
Author Avatar

Mozilla / Mozilla Firefox Dialog Overlapping Weakness

Thursday, January 13th, 2005
by Marc Erickson

Secunia Advisory: SA13786

Critical: Not critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software: Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x

mikx has discovered a weakness in Mozilla and Mozilla Firefox, which potentially can be exploited by malicious people to trick users into performing unintended actions.

The problem is that popup windows can overlay modal dialogs. This can e.g. be exploited by a malicious web site to hide the information text in a download or security dialog in order to trick a user into accepting it.

Exploitation is more or less convincing depending on the used Windows desktop theme.

The weakness has been confirmed on Mozilla Firefox 1.0 and Mozilla 1.7.5 for Windows.

Solution: Do not take positive actions on dialogs from untrusted sources.

Tags
Categories

What Do You Think?

 


Anti-Spam Image

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

Author Avatar
Science - Jul 25, 2008

New Population Of Highly Threatened Lemur Found

Author Avatar
Energy - Jul 23, 2008

Closing The Hydrogen Economic Loop

Author Avatar
Society - Jul 17, 2008

Sociological Analysis Shows Emergence Of Rights Revolution In China

Author Avatar
Health - Jul 15, 2008

Polished To Perfection