Bug 1195640 (CVE-2015-0819)

Summary: CVE-2015-0819 Mozilla: UI Tour whitelisted sites in background tab can spoof foreground tabs (MFA 2015-26)
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-24 19:48:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1193790    

Description Huzaifa S. Sidhpurwala 2015-02-24 08:39:24 UTC
Mozilla developer Matthew Noorenberghe reported that whitelisted Mozilla domains could make UITour API calls while the UI Tour pages for Firefox are present in background tabs. If one of these Mozilla domains was compromised and open in another tab, an attacker could then use that tab to engage in spoofing and clickjacking in any foreground tab. 

External Reference:



Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matthew Noorenberghe as the original reporter.


This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.