Bug 127338 - CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7
CAN-2004-0718 frame injection (spoofing) vuln in Mozilla before 1.7
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mozilla (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Christopher Aillon
Ben Levenson
: Security
Depends On:
  Show dependency treegraph
Reported: 2004-07-06 15:25 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-08-04 17:49:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2004:421 high SHIPPED_LIVE Critical: mozilla security update 2004-08-04 00:00:00 EDT

  None (edit)
Description Josh Bressers 2004-07-06 15:25:03 EDT
Description of problem:
There may be a frame injection/spoofing security hole in Mozilla 1.6
and earlier, which could be used to assist in phishing attacks. Note
that there's a thread discussing this on the full-disclosure mailing
list; there seems to be some controversy as to whether this is really
a security hole. Nonetheless, Secunia claims it's fixed in Mozilla
1.7, and I can confirm that, insofar as Secunia's proof-of-concept
successfully changes a frame in mozilla-1.6-8 but not mozilla-1.7-0.3.2.

BTW, the Secunia advisory is here:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Visit the Secunia test site:
2. Follow the directions.

Actual Results:  Secunia contents are injected into MSDN site.

Expected Results:  MSDN site contents are not replaced with Secunia

Additional info:

One of the full-disclosure threads suggests that the attack may only
be possible if pop-up blocking is disabled. I tested Mozilla 1.7 with
pop-up blocking both enabled and disabled, and I tested Mozilla 1.6
with pop-up blocking disabled, but I have not tested Mozilla 1.6 with
pop-up blocking enabled.

Affects RHEL3 and RHEL2.1

FC is covered by bug 127120
Comment 2 Christopher Blizzard 2004-07-14 16:01:52 EDT
Over to the other Chris.
Comment 3 Christopher Blizzard 2004-07-22 16:36:29 EDT

*** This bug has been marked as a duplicate of 127120 ***
Comment 4 Mark J. Cox 2004-07-23 04:43:48 EDT
Reopening - this is the tracking bug for this issue in RHEL
distributions whereas bug 127120 refers to the same issue in FC
Comment 5 Mark J. Cox 2004-08-04 17:49:23 EDT
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.