1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Firefox,Mozilla,& Netscape-Window Injection Vulnerability

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by Ramona, 2004/12/08.

Thread Status:
Not open for further replies.
  1. 2004/12/08
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    FIREFOX & MOZILLA

    TITLE:
    Mozilla / Mozilla Firefox Window Injection Vulnerability

    SECUNIA ADVISORY ID:
    SA13129

    VERIFY ADVISORY:
    http://secunia.com/advisories/13129/

    CRITICAL:
    Moderately critical

    IMPACT:
    Spoofing

    WHERE:
    >From remote

    SOFTWARE:
    Mozilla Firefox 1.x
    http://secunia.com/product/4227/
    Mozilla Firefox 0.x
    http://secunia.com/product/3256/
    Mozilla 1.7.x
    http://secunia.com/product/3691/
    Mozilla 1.6
    http://secunia.com/product/3101/
    Mozilla 1.5
    http://secunia.com/product/2478/
    Mozilla 1.4
    http://secunia.com/product/1481/
    Mozilla 1.3
    http://secunia.com/product/1480/
    Mozilla 1.2
    http://secunia.com/product/3100/
    Mozilla 1.1
    http://secunia.com/product/98/
    Mozilla 1.0
    http://secunia.com/product/97/
    Mozilla 0.x
    http://secunia.com/product/772/

    DESCRIPTION:
    Secunia Research has reported a vulnerability in Mozilla / Mozilla
    Firefox, which can be exploited by malicious people to spoof the
    content of websites.

    The problem is that a website can inject content into another site's
    window if the target name of the window is known. This can e.g. be
    exploited by a malicious website to spoof the content of a pop-up
    window opened on a trusted website.

    This is related to:
    SA11978

    Secunia has constructed a test, which can be used to check if your
    browser is affected by this issue:
    http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

    The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
    Firefox 1.0. Other versions may also be affected.

    SOLUTION:
    Do not browse untrusted sites while browsing trusted sites.

    PROVIDED AND/OR DISCOVERED BY:
    Secunia Research

    ORIGINAL ADVISORY:
    http://secunia.com/secunia_research/2004-13/advisory/

    OTHER REFERENCES:
    SA11978:
    http://secunia.com/advisories/11978/
    ==================================

    NETSCAPE
    TITLE:
    Netscape Window Injection Vulnerability

    SECUNIA ADVISORY ID:
    SA13402

    VERIFY ADVISORY:
    http://secunia.com/advisories/13402/

    CRITICAL:
    Moderately critical

    IMPACT:
    Spoofing

    WHERE:
    >From remote

    SOFTWARE:
    Netscape 7.x
    http://secunia.com/product/85/

    DESCRIPTION:
    A vulnerability has been reported in Netscape, which can be exploited
    by malicious people to spoof the content of websites.

    The problem is that a website can inject content into another site's
    window if the target name of the window is known. This can e.g. be
    exploited by a malicious website to spoof the content of a pop-up
    window opened on a trusted website.

    This is related to:
    SA11978

    Secunia has constructed a test, which can be used to check if your
    browser is affected by this issue:
    http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

    The vulnerability has been confirmed in Netscape 7.2. Other versions
    may also be affected.

    SOLUTION:
    Do not browse untrusted sites while browsing trusted sites.

    PROVIDED AND/OR DISCOVERED BY:
    Originally discovered by:
    Secunia Research

    Reported in Netscape by:
    Juha-Matti Laurio

    ORIGINAL ADVISORY:
    http://secunia.com/secunia_research/2004-13/advisory/

    OTHER REFERENCES:
    SA11978:
    http://secunia.com/advisories/11978/
     
    Ramona,
    #1
  2. 2004/12/08
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    I used the Secunia test for the Window Injection Vulnerability with the following results:

    With the Popup Blocking enabled:

    Firefox 1.0 - Vulnerable
    Mozilla 1.7.3 - Not Vulnerable
    Netscape 7.1, & 7.2 - Not Vulnerable

    Ramona
     
    Ramona,
    #2


  3. to hide this advert.

Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...