You are currently viewing a snapshot of www.mozilla.org taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to www.mozilla.org, please file a bug.




Mozilla Foundation Security Advisory 2005-13

Title: Window Injection Spoofing
Severity: Low
Risk: Low
Reporter: Secunia
Products: Firefox, Mozilla Suite

Fixed in: Firefox 1.0.1
  Mozilla Suite 1.7.6

Description

A website can inject content into a popup opened by another site if the target name of the popup window is known. An attacker who knows you are going to visit that other site could spoof the contents of the popup.

Open windows can now be targeted by name only by the site whose content is in the window and, if different, by the site that opened the window. Other sites attempting to target the same named window will instead get a new unnamed window.
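The targeting rule described above can be modelled in a few lines. This is an added illustration, not Mozilla's code: the `WindowRegistry` class, the `scenario` function and all hostnames are hypothetical, and "site" is assumed to mean URL origin.

```javascript
// Added model of named-window targeting; not Mozilla's code.
// Assumption: "site" is compared as URL origin. All hostnames are constructed.
const siteOf = (url) => new URL(url).origin;

class WindowRegistry {
  constructor(restrictByName) {
    this.restrictByName = restrictByName; // false: old behaviour, true: fixed behaviour
    this.windows = [];
  }

  // Only the site whose content is in the window, or the site that opened it,
  // may reach an existing window by name once the restriction is on.
  mayTarget(callerUrl, win) {
    if (!this.restrictByName) return true;
    const caller = siteOf(callerUrl);
    return caller === win.contentSite || caller === win.openerSite;
  }

  // Models window.open(url, name) issued by the page at callerUrl.
  open(callerUrl, url, name) {
    const existing = this.windows.find((w) => w.name === name);
    if (existing && this.mayTarget(callerUrl, existing)) {
      existing.url = url;
      existing.contentSite = siteOf(url);
      return existing;
    }
    // Denied callers get a new unnamed window; otherwise a new named one.
    const win = { name: existing ? null : name, url,
                  openerSite: siteOf(callerUrl), contentSite: siteOf(url) };
    this.windows.push(win);
    return win;
  }
}

function scenario(restrictByName) {
  const reg = new WindowRegistry(restrictByName);
  const popup = reg.open("https://shop.example/cart", "https://pay.example/form", "checkout");
  const other = reg.open("https://other.example/", "https://other.example/page", "checkout");
  const popupUrlAfterOther = popup.url;
  const byContent = reg.open("https://pay.example/form", "https://pay.example/step2", "checkout");
  const byOpener = reg.open("https://shop.example/cart", "https://shop.example/done", "checkout");
  return { otherReusedPopup: other === popup, otherName: other.name, popupUrlAfterOther,
           contentSiteReused: byContent === popup, openerReused: byOpener === popup };
}

console.log("before fix:", scenario(false));
console.log("after fix: ", scenario(true));
```

The scenario also covers the "if different" case: the popup is opened by one site and holds another site's content, and both keep access by name while a third site does not.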

Workaround

Do not browse trusted sites after browsing untrusted sites.
