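Mozilla Browser Cross-Domain Dialog Box Spoofing Vulnerability

Vulnerability Details

Mozilla Browser Cross-Domain Dialog Box Spoofing Vulnerability

Vulnerability Summary

Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to launch dialog boxes. A remote attacker can use this to spoof dialog boxes so that they appear to come from a web site in another window, which facilitates phishing attacks. This issue is also known as the "Dialog Box Spoofing Vulnerability".

Vulnerability Advisory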

Mozilla has released version 1.0.1 of Firefox to address this, and other issues:
SGI has released an advisory 20050304-01-U including updated SGI ProPack 3 Service Pack 4 packages to address this issue. Please see the referenced advisory for more information.
Slackware Linux has released advisory SSA:2005-085-01 along with fixes dealing with this issue. Please see the reference section for more information.
RedHat has released advisories RHSA-2005:323 and RHSA-2005:335 to address this issue. Please see the referenced advisories to obtain fix information.
RedHat Fedora Legacy has released advisory FLSA:152883 addressing this and other issues for RedHat Linux 7.3, 9 and for Fedora Core 1 and Core 2. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Netscape Browser 8.0 has been released to address various security issues.
Please see the vendor advisory in Web references for more information.
Mozilla Firefox 0.10.1

Mozilla Firefox 1.0

Netscape Netscape 7.0

Netscape Netscape 7.1

Netscape Netscape 7.2

References

Source: XF
Name: web-browser-modal-spoofing(18864)
Link: http://xforce.iss.net/xforce/xfdb/18864

Source: REDHAT
Name: RHSA-2005:335
Link: http://www.redhat.com/support/errata/RHSA-2005-335.html

Source: REDHAT
Name: RHSA-2005:323
Link: http://www.redhat.com/support/errata/RHSA-2005-323.html

Source: www.mozilla.org
Link: http://www.mozilla.org/security/announce/mfsa2005-05.html

Source: SECUNIA
Name: 12712
Link: http://secunia.com/advisories/12712

Source: secunia.com
Link: http://secunia.com/multiple_browsers_form_field_focus_test/

Source: secunia.com
Link: http://secunia.com/multiple_browsers_dialog_box_spoofing_test/

Source: OVAL
Name: oval:org.mitre.oval:def:10211
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10211

Source: US Government Resource: oval:org.mitre.oval:def:100050
Name: oval:org.mitre.oval:def:100050
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100050
