Mozilla / Firefox user interface spoofing vulnerability

ID 730DB824-E216-11D8-9B0A-000347A4FA7D
Type freebsd
Reporter FreeBSD
Modified 2004-08-15T00:00:00


The Mozilla project's family of browsers contain a design flaw that can allow a website to spoof almost perfectly any part of the Mozilla user interface, including spoofing web sites for phishing or internal elements such as the "Master Password" dialog box. This achieved by manipulating "chrome" through remote XUL content. Recent versions of Mozilla have been fixed to not allow untrusted documents to utilize "chrome" in this way.