4 matches found
Design/Logic Flaw
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of 1 the host name, 2 security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property...
CVE-2009-1710
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of 1 the host name, 2 security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property...
CVE-2007-0779
CVE-2007-0779 concerns a GUI overlay spoofing flaw in SeaMonkey prior to 1.0.8 (and Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2) where a large, transparent cursor via CSS3 hotspot could spoof UI elements such as the hostname or security indicators. The vulnerability allows remote observe...
Spoofing using custom cursor and CSS3 hotspot — Mozilla
David Eckel reported that browser UI elements--such as the host name and security indicators--could be spoofed by using a large, mostly transparent, custom cursor and adjusting the CSS3 hotspot property so that the visible part of the cursor floated outside the browser content area...