Mozilla / Mozilla Firefox Dialog Overlapping Weakness

http://secunia.com/advisories/13786/

***********************************************************
Quote
***********************************************************
Secunia Advisory:	SA13786  
Release Date:	2005-01-12

Critical:	Not critical
Impact:	Spoofing
Where:	From remote
Solution Status:	Unpatched

Software:	Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x

Description:
mikx has discovered a weakness in Mozilla and Mozilla Firefox, which 
potentially can be exploited by malicious people to trick users into 
performing unintended actions.

The problem is that popup windows can overlay modal dialogs. This can 
e.g. be exploited by a malicious web site to hide the information 
text in a download or security dialog in order to trick a user into 
accepting it.

Exploitation is more or less convincing depending on the used Windows 
desktop theme.

The weakness has been confirmed on Mozilla Firefox 1.0 and Mozilla 
1.7.5 for Windows.

Solution:
Do not take positive actions on dialogs from untrusted sources.

Provided and/or discovered by:
mikx

Original Advisory:
http://www.mikx.de/?p=7

Other References:
Bugzilla reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=260560
***********************************************************
Unquote
***********************************************************

-- 
Kayode Okeyode
http://del.icio.us/kayodeok
http://www.kayodeok.co.uk/weblog/
kayodeok
1/12/2005 8:29:40 PM
grc.security
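
The condition the advisory describes, a popup window stacked over a modal dialog's information text, can be tested geometrically before a dialog accepts a positive action. The following is an added example, not part of the original post, the Secunia advisory or Mozilla's code; the window model and the names `occludedFraction` and `acceptAllowed` are hypothetical.

```javascript
// Added example: hypothetical occlusion check, not Mozilla code.
// Rectangles are {x, y, w, h} in screen pixels; all names are assumptions.

// Clip rectangle r to region; returns null if they do not overlap.
function clip(r, region) {
  const x1 = Math.max(r.x, region.x), y1 = Math.max(r.y, region.y);
  const x2 = Math.min(r.x + r.w, region.x + region.w);
  const y2 = Math.min(r.y + r.h, region.y + region.h);
  return x2 > x1 && y2 > y1 ? { x1, y1, x2, y2 } : null;
}

// Fraction (0..1) of `region` hidden by the union of `covers`.
// Coordinate compression handles popups that overlap each other, so the
// shared area is not counted twice.
function occludedFraction(region, covers) {
  const parts = covers.map((c) => clip(c, region)).filter(Boolean);
  const xs = [...new Set(parts.flatMap((p) => [p.x1, p.x2]))].sort((a, b) => a - b);
  const ys = [...new Set(parts.flatMap((p) => [p.y1, p.y2]))].sort((a, b) => a - b);
  let hidden = 0;
  for (let i = 0; i + 1 < xs.length; i++) {
    for (let j = 0; j + 1 < ys.length; j++) {
      const cx = (xs[i] + xs[i + 1]) / 2, cy = (ys[j] + ys[j + 1]) / 2;
      if (parts.some((p) => cx > p.x1 && cx < p.x2 && cy > p.y1 && cy < p.y2)) {
        hidden += (xs[i + 1] - xs[i]) * (ys[j + 1] - ys[j]);
      }
    }
  }
  return hidden / (region.w * region.h);
}

// Policy: the dialog's accept button stays disabled while any window stacked
// above the dialog hides part of its information text.
function acceptAllowed(dialog, windows) {
  const above = windows.filter((w) => w.z > dialog.z).map((w) => w.rect);
  return occludedFraction(dialog.infoText, above) === 0;
}

// Constructed sample: a download dialog and three other windows.
const dialog = { z: 5, infoText: { x: 100, y: 100, w: 200, h: 50 } };
const popups = [
  { z: 6, rect: { x: 90, y: 90, w: 120, h: 70 } },   // covers the left part
  { z: 7, rect: { x: 150, y: 100, w: 100, h: 25 } }, // overlaps the first popup
  { z: 3, rect: { x: 0, y: 0, w: 800, h: 600 } },    // below the dialog: ignored
];
console.log(acceptAllowed(dialog, popups));
```
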
