Mozilla Foundation Security Advisory 2010-45
Title: Multiple location bar spoofing vulnerabilities Impact: Moderate Announced: July 20, 2010 Reporter: Michal Zalewski, Jordi Chancel Products: Firefox, SeaMonkey
Fixed in: Firefox 3.6.7 Firefox 3.5.11 SeaMonkey 2.0.6 Description
Google security researcher Michal Zalewski reported two methods for spoofing the contents of the location bar. The first method works by opening a new window containing a resource that responds with an HTTP 204 (no content) and then using the reference to the new window to insert HTML content into the blank document. The second location bar spoofing method does not require that the resource opened in a new window respond with 204, as long as the opener calls window.stop() before the document is loaded. In either case a user could be mislead as to the correct location of the document they are currently viewing.
* Location bar spoofing with HTTP 204 or window.stop() * CVE-2010-1206 * SSL spoofing with history.back() and history.forward() * CVE-2010-2751