Multiple Browser Cross Tab Form Focus

2004-10-20T09:23:39
ID OSVDB:10984
Type osvdb
Reporter Jakob Balle (jb@secunia.com)
Modified 2004-10-20T09:23:39

Description

Vulnerability Description

Mozilla Web Browser, Firefox, Netscape, Maxthon and Avant Browser contain a flaw that may allow a malicious user to obtain confidential data by shifting form focus from the active tab to an inactive tab. The issue is triggered when a user visits a specially crafted URL: a page in an inactive tab may take focus away from form fields on a web site in another tab, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): disable JavaScript.

References:

Vendor Specific Advisory URL
Security Tracker: 1011922
Secunia Advisory ID: 12714
Secunia Advisory ID: 12983
Secunia Advisory ID: 14714
Secunia Advisory ID: 12712
Secunia Advisory ID: 12966
Secunia Advisory ID: 12731
Secunia Advisory ID: 12717
Secunia Advisory ID: 14709
Related OSVDB ID: 10983
RedHat RHSA: RHSA-2005:323
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123
Other Advisory URL: http://secunia.com/secunia_research/2004-10/
Keyword: aka the "Dialog Box Spoofing Vulnerability"
Keyword: MFSA 2005-05
Generic Exploit URL: http://secunia.com/multiple_browsers_form_field_focus_test/
CVE-2004-1380
CVE-2004-1381