logo
DATABASE RESOURCES PRICING ABOUT US

Mozilla Foundation Security Advisory 2008-19

Description

Mozilla Foundation Security Advisory 2008-19 Title: XUL popup spoofing variant (cross-tab popups) Impact: High Announced: March 25, 2008 Reporter: Chris Thomas Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.13 SeaMonkey 1.1.9 Description Mozilla contributor Chris Thomas demonstrated that it was possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser. This technique could be used by an attacker to spoof form elements such as a login prompt for a site opened in a different tab and steal the user's login credentials for that site. References * https://bugzilla.mozilla.org/show_bug.cgi?id=406686 * CVE-2008-1241


Related