Bug 127120 - CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7
Product: Fedora
Classification: Fedora
Component: mozilla
All Linux
medium Severity medium
Assigned To: Christopher Aillon
Ben Levenson
: Security
Reported: 2004-07-02 04:05 EDT by Barry K. Nathan
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2004-08-12 23:55:52 EDT

Description Barry K. Nathan 2004-07-02 04:05:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.7)
Gecko/20040701 Firefox/0.9

Description of problem:
There may be a frame injection/spoofing security hole in Mozilla 1.6
and earlier, which could be used to assist in phishing attacks. Note
that there's a thread discussing this on the full-disclosure mailing
list; there seems to be some controversy as to whether this is really
a security hole. Nonetheless, Secunia claims it's fixed in Mozilla
1.7, and I can confirm that, insofar as Secunia's proof-of-concept
successfully changes a frame in mozilla-1.6-8 but not mozilla-1.7-0.3.2.

BTW, the Secunia advisory is here:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Visit the Secunia test site:
2. Follow the directions.

Actual Results:  Secunia contents are injected into MSDN site.

Expected Results:  MSDN site contents are not replaced with Secunia

Additional info:

One of the full-disclosure threads suggests that the attack may only
be possible if pop-up blocking is disabled. I tested Mozilla 1.7 with
pop-up blocking both enabled and disabled, and I tested Mozilla 1.6
with pop-up blocking disabled, but I have not tested Mozilla 1.6 with
pop-up blocking enabled.

Comment 3 Barry K. Nathan 2004-07-03 02:28:16 EDT
FWIW, the upstream (bugzilla.mozilla.org) bug number for this is 246448:

Comment 4 Barry K. Nathan 2004-07-03 02:30:36 EDT
And this vulnerability is also mentioned on Slashdot:

Comment 7 Christopher Aillon 2004-08-12 23:55:52 EDT
Blizzard pushed out the errata for this.

Comment 8 Barry K. Nathan 2004-08-26 07:19:00 EDT
Errata was pushed for FC2, but not FC1. (Todd Denniston filed bug
130464 regarding this.)
