Dialog Spoofing Vulnerability

VERIFIED INVALID

Status

()

VERIFIED INVALID
14 years ago
14 years ago

People

(Reporter: kelly_worth2003, Assigned: bugzilla)

Tracking

1.0 Branch
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

14 years ago
Vulnerability:"Window injection Vulnerability" 

found this Vulnerability on http://secunia.com/product/4227/ 

The problem is that a website can inject content into another site's window if
the target name of the window is known. This can e.g. be exploited by a
malicious website to spoof the content of a pop-up window opened on a trusted
website. 

This Vulnerability can be eliminated by selecting the load images from
originating   website only. of course then images from a particular website such
as http://www.amazon.co.uk wouldnt load.

Comment 1

14 years ago
The url listed in this bug is Secunia's Firefox vulnerability page. Each of the
four vulnerabilities listed at the page have separate bugs in bugzilla. All
advisory pages look like http://secunia.com/advisories/ then some number not
http://secunia.com/product/ then some number.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 14 years ago
OS: Linux → All
Hardware: PC → All
Resolution: --- → INVALID
Status: RESOLVED → VERIFIED

Comment 2

14 years ago
the correct advisory <http://secunia.com/advisories/13129/> event mentions the
bugzilla number : bug 273699
You need to log in before you can comment on or make changes to this bug.