Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka “Firespoofing.”
marc.info/?l=bugtraq&m=110547286002188&w=2
secunia.com/advisories/13786
www.gentoo.org/security/en/glsa/glsa-200503-10.xml
www.gentoo.org/security/en/glsa/glsa-200503-30.xml
www.mikx.de/firespoofing/
www.mikx.de/index.php?p=7
www.mozilla.org/security/announce/mfsa2005-16.html
www.redhat.com/support/errata/RHSA-2005-176.html
www.redhat.com/support/errata/RHSA-2005-384.html
www.securityfocus.com/bid/12234
bugzilla.mozilla.org/show_bug.cgi?id=260560
exchange.xforce.ibmcloud.com/vulnerabilities/18864
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039