Lucene search

Mozilla FoundationMFSA2006-29

HistoryApr 13, 2006 - 12:00 a.m.

Spoofing with translucent windows — Mozilla

2006-04-1300:00:00

Mozilla Foundation

www.mozilla.org

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS

0.087

Percentile

94.5%

JSON

An interaction between XUL content windows and the new faster history mechanism in Firefox 1.5 caused those windows to become translucent. This could be used to construct spoofs that could trick users into interacting with browser UI they can’t see. It’s possible a clever game-type presentation could persuade an unsuspicious user into some combination of actions that would result in running the attacker’s code.

Affected configurations

Vulners

Node

mozillafirefoxRange<1.5.0.2

mozillaseamonkeyRange<1.0.1

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
mozillaseamonkey*cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
mozilla	seamonkey	*	cpe:2.3:a:mozilla:seamonkey::::::::

References

bugzilla.mozilla.org/show_bug.cgi?id=327014

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

EPSS

0.087

Percentile

94.5%

JSON

Related for MFSA2006-29