[SEG] Mozilla / Mozilla Firefox Window Injection Vulnerability

-> hay un un test de vulnerabilidad
http://secunia.com/multiple_browser...lity_test/
y ver "solution" :-)


Mozilla / Mozilla Firefox Window Injection Vulnerability
http://secunia.com/advisories/13129/

Secunia Advisory: SA13129 Print Advisory
Release Date: 2004-12-08

Critical:Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Unpatched

Software:
Mozilla 0.x
Mozilla 1.0
Mozilla 1.1
Mozilla 1.2
Mozilla 1.3
Mozilla 1.4
Mozilla 1.5
Mozilla 1.6
Mozilla 1.7.x
Mozilla Firefox 0.x
Mozilla Firefox 1.x

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Secunia Research has reported a vulnerability in Mozilla / Mozilla
Firefox, which can be exploited by malicious people to spoof the
content of websites.

The problem is that a website can inject content into another site's
window if the target name of the window is known. This can e.g. be
exploited by a malicious website to spoof the content of a pop-up
window opened on a trusted website.

This is related to:
SA11978

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browser...lity_test/

The vulnerability has been confirmed in Mozilla 1.7.3 and Mozilla
Firefox 1.0. Other versions may also be affected.

Solution:
Do not browse untrusted sites while browsing trusted sites.

Provided and/or discovered by:
Secunia Research

Original Advisory:
http://secunia.com/secunia_research.../advisory/

Other References:
SA11978:
http://secunia.com/advisories/11978/