Mozilla Foundation Security Advisory 2008-11
Title: Web forgery overwrite with div overlay
Impact: Low
Announced: February 7, 2008
Reporter: Emil Ljungdahl, Lars-Olof Moilanen
Products: Firefox
Fixed in: Firefox 2.0.0.12
Description
Security researchers Emil Ljungdahl and Lars-Olof Moilanen demonstrated that, in cases where the entire contents of a page are enclosed in a <div> with absolute positioning, a web forgery warning dialog won't be displayed unless the user switches tabs away-from then back-to the forgery page.
References
* https://bugzilla.mozilla.org/show_bug.cgi?id=408164
* CVE-2008-0594