CVE Reference: CVE-2005-2268

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-2268

Description:
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

CVE Status:
Candidate

References:

SUSE
  http://www.novell.com/linux/security/advisories/2005_18_sr.html
  http://www.novell.com/linux/security/advisories/2005_45_mozilla.html

SAID
  Secunia Advisory: SA15489

REDHAT
  http://www.redhat.com/support/errata/RHSA-2005-587.html
  http://www.redhat.com/support/errata/RHSA-2005-586.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1268
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10517
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1313
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100005

MISC
  http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

FEDORA

DEBIAN
  http://www.debian.org/security/2005/dsa-810

CONFIRM
  http://www.mozilla.org/security/announce/mfsa2005-54.html

BID
  14242


Return to the previous page.