Mozilla / Firefox user interface spoofing vulnerability

2004-07-1900:00:00

vuxml.freebsd.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.02 Low

EPSS

Percentile

88.8%

JSON

The Mozilla project’s family of browsers contain a design
flaw that can allow a website to spoof almost perfectly any
part of the Mozilla user interface, including spoofing web
sites for phishing or internal elements such as the “Master
Password” dialog box. This achieved by manipulating “chrome”
through remote XUL content. Recent versions of Mozilla have
been fixed to not allow untrusted documents to utilize
“chrome” in this way.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfirefox<= 0.9.1_1UNKNOWN
FreeBSDanynoarchlinux-mozilla<= 1.7.1UNKNOWN
FreeBSDanynoarchlinux-mozilla-devel<= 1.7.1UNKNOWN
FreeBSDanynoarchmozilla<= 1.7.1,2UNKNOWN
FreeBSDanynoarchmozilla-gtk1<= 1.7.1_1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	firefox	<= 0.9.1_1	UNKNOWN
FreeBSD	any	noarch	linux-mozilla	<= 1.7.1	UNKNOWN
FreeBSD	any	noarch	linux-mozilla-devel	<= 1.7.1	UNKNOWN
FreeBSD	any	noarch	mozilla	<= 1.7.1,2	UNKNOWN
FreeBSD	any	noarch	mozilla-gtk1	<= 1.7.1_1	UNKNOWN