Monday, June 13, 2005

06/13/05 Mozilla Browsers Frame Injection Vulnerability

MODERATE: Mozilla Browsers Frame Injection Vulnerability
Affected:
Firefox version 1.0.4
Mozilla version 1.7.8
Description: An old vulnerability has been rediscovered in the Mozilla and Firefox browsers. This vulnerability permits a malicious website to inject a "frame" into the browser window of another website. For example, the content from http://www.malicious.com can be loaded into another window displaying the content from http://www.mybank.com. The flaw can be exploited by a malicious webpage to spoof its identity as a trusted site. This may lead to stealing sensitive user information such as passwords, or further compromise of the user system. Proof-of-concept browser test tools have been publicly posted.
Status: Mozilla has not confirmed, no patches available.
References:
Secunia Advisory
http://secunia.com/advisories/15601/

posted by CONNECTTO.NET TECHNICAL SUPPORT TEAM at 10:26 AM  

0 Comments:

Post a Comment

<< Home