FreeBSDB0911985-6E2A-11D9-9557-000A95BC6FAEweb browsers -- window injection vulnerabilities
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.6%
A Secunia Research advisory reports:
Secunia Research has reported a vulnerability in multiple
browsers, which can be exploited by malicious people to
spoof the content of websites.
The problem is that a website can inject content into
another site’s window if the target name of the window is
known. This can e.g. be exploited by a malicious website
to spoof the content of a pop-up window opened on a
trusted website.
Secunia has constructed a test, which can be used to
check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
A workaround
for Mozilla-based browsers is available.
References
mozillanews.org/?article_date=2004-12-08+06-48-46
secunia.com/advisories/13129/
secunia.com/advisories/13253/
secunia.com/advisories/13254/
secunia.com/advisories/13402/
secunia.com/multiple_browsers_window_injection_vulnerability_test/
secunia.com/secunia_research/2004-13/advisory/
www.kde.org/info/security/advisory-20041213-1.txt
bugzilla.mozilla.org/show_bug.cgi?id=103638
bugzilla.mozilla.org/show_bug.cgi?id=273699
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.023 Low
EPSS
Percentile
89.6%