Red Hat Bugzilla – Bug 127338
CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7
Last modified: 2007-11-30 17:07:02 EST
Description of problem:
There may be a frame injection/spoofing security hole in Mozilla 1.6
and earlier, which could be used to assist in phishing attacks. Note
that there's a thread discussing this on the full-disclosure mailing
list; there seems to be some controversy as to whether this is really
a security hole. Nonetheless, Secunia claims it's fixed in Mozilla
1.7, and I can confirm that, insofar as Secunia's proof-of-concept
successfully changes a frame in mozilla-1.6-8 but not mozilla-1.7-0.3.2.
BTW, the Secunia advisory is here:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Visit the Secunia test site:
2. Follow the directions.
Actual Results: Secunia contents are injected into MSDN site.
Expected Results: MSDN site contents are not replaced with Secunia
One of the full-disclosure threads suggests that the attack may only
be possible if pop-up blocking is disabled. I tested Mozilla 1.7 with
pop-up blocking both enabled and disabled, and I tested Mozilla 1.6
with pop-up blocking disabled, but I have not tested Mozilla 1.6 with
pop-up blocking enabled.
Affects RHEL3 and RHEL2.1
FC is covered by bug 127120
Over to the other Chris.
*** This bug has been marked as a duplicate of 127120 ***
Reopening - this is the tracking bug for this issue in RHEL
distributions whereas bug 127120 refers to the same issue in FC
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.