You are here: Known Vulnerabilities in Mozilla Products (Firefox 184.108.40.206) > MFSA 2008-19
Mozilla Foundation Security Advisory 2008-19
Title: XUL popup spoofing variant (cross-tab popups)
Announced: March 25, 2008
Reporter: Chris Thomas
Products: Firefox, SeaMonkey
Fixed in: Firefox 220.127.116.11
Mozilla contributor Chris Thomas demonstrated that it was possible to have a background tab create a borderless XUL pop-up in front of the active tab in the user's browser. This technique could be used by an attacker to spoof form elements such as a login prompt for a site opened in a different tab and steal the user's login credentials for that site.