| VID |
28632 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The Mozilla Web browser, according to its version number, has multiple spoofing vulnerabilities.
1. The Mozilla and Firefox Web browsers may permit malicious Web pages to spoof security properties of a trusted site, such as SSL certificates and URIs.
2. The Mozilla and Firefox Web browsers also support XUL (XML User Interface Language), a language designed to manipulate the user interface of the browser itself. XUL has a flaw that gives visited websites full control of the browser GUI.
An attacker could exploit these spoofing flaws to steal sensitive or private information, facilitating phishing attacks.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If this condition is not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* References:
  http://www.nd.edu/~jsmith30/xul/test/spoof.html
  http://secunia.com/advisories/12188/
  http://bugzilla.mozilla.org/show_bug.cgi?id=244965
  http://bugzilla.mozilla.org/show_bug.cgi?id=252198
* Platforms Affected: Mozilla Browser version 1.7.2 and earlier; Mozilla Firefox version 0.9.2 and earlier; Microsoft Windows (any version) |
| Recommendation |
No upgrade or patch available as of August 2004.
Upgrade to the latest version of Mozilla when a fixed version becomes available from the Mozilla Download Web site at http://www.mozilla.org/download.html |
| Related URL |
CVE-2004-0763,CVE-2004-0764 (CVE) |
| Related URL |
10832,10796 (SecurityFocus) |
| Related URL |
16796 (ISS) |
|