Description: Secunia Research has reported a vulnerability in Mozilla / Mozilla Firefox, which can be exploited by malicious people to spoof the content of websites.
The problem is that a website can inject content into another site's window if the target name of the window is known. For example, a malicious website can exploit this to spoof the content of a pop-up window opened on a trusted website.
The vulnerability has been confirmed in Mozilla 1.7.3, Mozilla Firefox 1.0, and Camino 0.8.2. Other versions may also be affected.
Solution: Do not browse untrusted sites while browsing trusted sites.
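Because the injection depends on the window's target name being known, a site owner can check their own pages for hard-coded pop-up names. The following is an added example, not code from Secunia or Mozilla: `findFixedWindowNames`, `unpredictableWindowName` and the sample markup are constructed for illustration, and random naming is a site-side hardening assumption, not the vendor fix.

```javascript
// Added example (not Secunia's or Mozilla's code): audit page source for
// hard-coded pop-up window names, and generate unpredictable ones instead.
const rng = globalThis.crypto || require('crypto').webcrypto;

// Keywords that do not name a reusable window.
const RESERVED = new Set(['', '_blank', '_self', '_parent', '_top']);
// window.open(url, 'name', ...) with a string-literal name argument.
const OPEN_CALL = /window\.open\s*\(\s*[^,()]+,\s*(['"])([^'"]*)\1/g;
// target="name" on links and forms.
const TARGET_ATTR = /\btarget\s*=\s*(['"])([^'"]*)\1/gi;

// Return every fixed (guessable) window name found in the given source text.
function findFixedWindowNames(source) {
  const findings = [];
  const rules = [[OPEN_CALL, 'window.open'], [TARGET_ATTR, 'target attribute']];
  for (const [pattern, kind] of rules) {
    for (const match of source.matchAll(pattern)) {
      const name = match[2];
      if (!RESERVED.has(name.toLowerCase())) {
        findings.push({ kind, name, index: match.index });
      }
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// A window name another site cannot know in advance (128 random bits).
function unpredictableWindowName(prefix = 'popup') {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  const hex = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  return `${prefix}_${hex}`;
}

// Constructed sample page: two fixed names, two reserved keywords, and one
// name passed as a variable (not flagged, since it is not a literal).
const SAMPLE_PAGE = `
<a href="/terms" target="_blank">Terms</a>
<a href="/login" target="loginwin">Log in</a>
<script>
  function showHelp() { window.open('/help', 'helpwin', 'width=400,height=300'); }
  function showNews() { window.open('/news', '_blank'); }
  function showPay(name) { window.open('/pay', name); }
</script>`;

console.log(findFixedWindowNames(SAMPLE_PAGE));
console.log(unpredictableWindowName());
```

The audit only sees names written as string literals in the source it is given; names built at runtime need manual review.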
Provided and/or discovered by: Secunia Research
Changelog: 2004-12-10: Added Camino as affected. Added CVE reference.
2004-12-20: Added link to Mozilla bug report.
2005-02-25: Mozilla Firefox 1.0.1 released. Updated "Solution" section.
2005-03-22: Mozilla 1.7.6 released. Updated "Solution" section.