Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability
BID:12234
Info
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability
| Bugtraq ID: | 12234 |
| Class: | Design Error |
| CVE: |
CVE-2005-0591 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | This vulnerability was discovered by Michael Krax <mikx at mikx.de>. |
| Vulnerable: |
SGI ProPack 3.0 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core2 Redhat Fedora Core1 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 Netscape Netscape 7.1 Mozilla Firefox 1.0 Mozilla Browser 1.7.5 HP HP-UX B.11.23 HP HP-UX B.11.22 HP HP-UX B.11.11 HP HP-UX B.11.00 Gentoo Linux |
| Not Vulnerable: |
Mozilla Firefox 1.0.1 |
Discussion
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability
Mozilla, Firefox, and Netscape Web browsers are reported prone to a vulnerability that may conceal modal dialogs by covering them with a pop-up window.
Download or security dialogs may be obscured by the use of JavaScript that places a specially crafted pop-up window that is directly placed on top of the dialog. This may induce a user into trusting the spoofed dialogs and taking further action based on this false sense of trust.
This issue was reported to affect Windows versions of the browsers.
Mozilla, Firefox, and Netscape Web browsers are reported prone to a vulnerability that may conceal modal dialogs by covering them with a pop-up window.
Download or security dialogs may be obscured by the use of JavaScript that places a specially crafted pop-up window that is directly placed on top of the dialog. This may induce a user into trusting the spoofed dialogs and taking further action based on this false sense of trust.
This issue was reported to affect Windows versions of the browsers.
Exploit / POC
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability
Michael Krax <mikx at mikx.de> has provided the following proof-of-concepts, which will only work under default GUI settings:
http://www.mikx.de/firespoofing/
Michael Krax <mikx at mikx.de> has provided the following proof-of-concepts, which will only work under default GUI settings:
http://www.mikx.de/firespoofing/
Solution / Fix
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability
Solution:
Mozilla has released version 1.0.1 of Firefox to address this, and other issues:
RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
Red Hat has released advisory RHSA-2005:384-11 and fixes to address this
and other issues on Red Hat Linux Enterprise platforms. Customers who are
affected are advised to apply the appropriate updates. Customers
subscribed to the Red Hat Network may apply the appropriate fixes using
the Red Hat Update Agent (up2date). Please see the referenced advisory for
additional information.
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.
Mozilla Firefox 1.0
Solution:
Mozilla has released version 1.0.1 of Firefox to address this, and other issues:
RedHat Fedora Linux has made an advisory available dealing with this issue in their Core 3 distribution. Please see the reference section for more information.
Gentoo has released an advisory (GLSA 200503-10) and updated eBuilds to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
For Firefox users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-1.0.1"
For Firefox binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=net-www/mozilla-firefox-bin-1.0.1"
Gentoo has released advisory GLSA 200503-30 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:
Mozilla Suite users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-1.7.6"
Mozilla Suite binary users:
emerge --sync
emerge --ask --oneshot --verbose ">=www-client/mozilla-bin-1.7.6"
Red Hat has released advisory RHSA-2005:384-11 and fixes to address this
and other issues on Red Hat Linux Enterprise platforms. Customers who are
affected are advised to apply the appropriate updates. Customers
subscribed to the Red Hat Network may apply the appropriate fixes using
the Red Hat Update Agent (up2date). Please see the referenced advisory for
additional information.
SGI has released an advisory 20050501-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
HP advisory HPSBUX01133 (SSRT5940 rev.1 - HP-UX Mozilla remote, unauthorized user may execute privileged code) is available to address various issues affecting Mozilla. Please see the referenced advisory for more information.
Mozilla Firefox 1.0
-
Mozilla firefox-1.0.1-source.tar.bz2
http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.0.1/source/f irefox-1.0.1-source.tar.bz2
References
Mozilla/Netscape/Firefox Browser Modal Dialog Spoofing Vulnerability
References:
References:
- Firefox Release Notes (Mozilla)
- Firespoofing (Michael Krax )
- RHSA-2005:384-11 - Mozilla security update (Red Hat)