Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka Firespoofing.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
| Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
| Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
| Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
| Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
| Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
| Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
| Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
| Firefox | Mozilla | 1.0 (including) | 1.0 (including) |
| Red Hat Enterprise Linux 4 | RedHat | firefox-0:1.0.1-1.4.3 | * |
| Mozilla | Ubuntu | edgy | * |
References
- http://marc.info/?l=bugtraq\u0026m=110547286002188\u0026w=2
- http://secunia.com/advisories/13786
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.mikx.de/firespoofing/
- http://www.mikx.de/index.php?p=7
- http://www.mozilla.org/security/announce/mfsa2005-16.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.securityfocus.com/bid/12234
- https://bugzilla.mozilla.org/show_bug.cgi?id=260560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039
- http://marc.info/?l=bugtraq\u0026m=110547286002188\u0026w=2
- http://secunia.com/advisories/13786
- http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
- http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
- http://www.mikx.de/firespoofing/
- http://www.mikx.de/index.php?p=7
- http://www.mozilla.org/security/announce/mfsa2005-16.html
- http://www.redhat.com/support/errata/RHSA-2005-176.html
- http://www.redhat.com/support/errata/RHSA-2005-384.html
- http://www.securityfocus.com/bid/12234
- https://bugzilla.mozilla.org/show_bug.cgi?id=260560
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18864
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039