Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0374 to the following vulnerability: ** DISPUTED ** Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue." References: http://www.securityfocus.com/archive/1/archive/1/500499/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/500533/100/0/threaded http://www.milw0rm.com/exploits/7903 http://www.secniche.org/gcr_clkj/
This issue affects the version of the mozilla package, as shipped with Red Hat Enteprise Linux 2.1. This issue affects the version of the seamonkey package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue affects the version of the firefox package, as shipped with Red Hat Enterprise Linux 4 and 5. --------------------------------------------------------------------- This issue affects the version of the firefox package, as shipped with Fedora releases of 9, 10 and devel.
This bug lacks enough detail to be useful. I'm going to cantfix this with the intention of reopening it if upstream ever proceeds.