Mozilla Foundation, MFSA2008-19
Mar 25, 2008 - 12:00 a.m.

XUL popup spoofing variant (cross-tab popups) — Mozilla

www.mozilla.org

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.008 Low
Percentile: 80.7%

Mozilla contributor Chris Thomas demonstrated that it was possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user’s browser. This technique could be used by an attacker to spoof form elements such as a login prompt for a site opened in a different tab and steal the user’s login credentials for that site.

CPE Name    Operator    Version
firefox     lt          2.0.0.13
seamonkey   lt          1.1.9
