Mozilla Foundation Security Advisory 2007-17

2007-06-01T00:00:00
ID SECURITYVULNS:DOC:17144
Type securityvulns
Reporter Securityvulns
Modified 2007-06-01T00:00:00

Description

Title: XUL Popup Spoofing Impact: Low Announced: May 30, 2007 Reporter: Chris Thomas Products: Firefox, SeaMonkey

Fixed in: Firefox 2.0.0.4 Firefox 1.5.0.12 SeaMonkey 1.0.9 SeaMonkey 1.1.2 Description Chris Thomas demonstrated that XUL popups opened by web content could be placed outside the boundaries of the content area. This could be used to spoof or hide parts of the browser chrome such as the location bar.

https://bugzilla.mozilla.org/show_bug.cgi?id=374570 CVE-2007-2871