Description of problem: There may be a frame injection/spoofing security hole in Mozilla 1.6 and earlier, which could be used to assist in phishing attacks. Note that there's a thread discussing this on the full-disclosure mailing list; there seems to be some controversy as to whether this is really a security hole. Nonetheless, Secunia claims it's fixed in Mozilla 1.7, and I can confirm that, insofar as Secunia's proof-of-concept successfully changes a frame in mozilla-1.6-8 but not mozilla-1.7-0.3.2. BTW, the Secunia advisory is here: http://secunia.com/advisories/11978/ Version-Release number of selected component (if applicable): mozilla-1.6-8 How reproducible: Always Steps to Reproduce: 1. Visit the Secunia test site: http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/ 2. Follow the directions. Actual Results: Secunia contents are injected into MSDN site. Expected Results: MSDN site contents are not replaced with Secunia contents. Additional info: One of the full-disclosure threads suggests that the attack may only be possible if pop-up blocking is disabled. I tested Mozilla 1.7 with pop-up blocking both enabled and disabled, and I tested Mozilla 1.6 with pop-up blocking disabled, but I have not tested Mozilla 1.6 with pop-up blocking enabled. Affects RHEL3 and RHEL2.1 FC is covered by bug 127120
Over to the other Chris.
*** This bug has been marked as a duplicate of 127120 ***
Reopening - this is the tracking bug for this issue in RHEL distributions whereas bug 127120 refers to the same issue in FC distributions.
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-421.html